[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#356845: cdebconf: Preseeded passwords are disclosed in world-readable questions.dat after installation

Package: cdebconf
Version: 0.97
Severity: critical
Tags: pending

If you preseed a password question, then instead of the password being
stored in /var/lib/cdebconf/passwords.dat as it's supposed to be and
thus not copied to the installed system, it is stored in
/var/lib/cdebconf/questions.dat and copied to
/var/log/installer/cdebconf/questions.dat. While obviously your password
was already exposed by virtue of being in the preseed file, even if
you're using passwd/root-password-crypted etc. then this bug makes it
significantly easier for attackers to attack the encrypted password at
their leisure without first having to get at the contents of
/etc/shadow.

This bug arises because cdebconf 0.97 did not properly migrate a
question to a different stacked database when its type changes, which
happens in the case of preseeding because debian-installer/dummy is a
string template. I fixed this in SVN yesterday, but since this
constitutes a security flaw I think it needs a bug report too.

-- 
Colin Watson                                       [cjwatson@debian.org]
Reply to: