touch-packages team mailing list archive

[James Hunt <1369450@xxxxxxxxxxxxxxxxxx>]

*** This bug is a security vulnerability ***

Public security bug reported:

$ adb shell sudo id
[sudo] password for phablet: you should not be able to see this!!!

ProblemType: Bug
DistroRelease: Ubuntu 14.10
Package: android-tools-adb 4.2.2+git20130218-3ubuntu35
ProcVersionSignature: Ubuntu 3.16.0-14.20-generic 3.16.2
Uname: Linux 3.16.0-14-generic x86_64
ApportVersion: 2.14.7-0ubuntu2
Architecture: amd64
CurrentDesktop: Unity
Date: Mon Sep 15 09:43:59 2014
InstallationDate: Installed on 2014-04-11 (156 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Daily amd64 (20140409)
SourcePackage: android-tools
UpgradeStatus: Upgraded to utopic on 2014-05-08 (129 days ago)

** Affects: android-tools (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug utopic

** Information type changed from Public to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to android-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1369450

Title:
  adb shell sudo shows password in the clear

Status in “android-tools” package in Ubuntu:
  New

Bug description:
  $ adb shell sudo id
  [sudo] password for phablet: you should not be able to see this!!!

  ProblemType: Bug
  DistroRelease: Ubuntu 14.10
  Package: android-tools-adb 4.2.2+git20130218-3ubuntu35
  ProcVersionSignature: Ubuntu 3.16.0-14.20-generic 3.16.2
  Uname: Linux 3.16.0-14-generic x86_64
  ApportVersion: 2.14.7-0ubuntu2
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Mon Sep 15 09:43:59 2014
  InstallationDate: Installed on 2014-04-11 (156 days ago)
  InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Daily amd64 (20140409)
  SourcePackage: android-tools
  UpgradeStatus: Upgraded to utopic on 2014-05-08 (129 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/android-tools/+bug/1369450/+subscriptions