I have just read a thread on the ubuntuforums
security areait seems a very worrying security breach has been discovered, itshould however only be a problem in multi-user environments.
The file /var/log/installer/cdebconf/questions.dat contains
the install logs, here you will find the administrator username and passwords
entered during installation. The file is
world readable plain text, therefore anyone with an account on the system cangain root privileges.
This only seems to effect the Breezy release of ubuntua fix has been made so make sure to update asap:
# apt-get update
# apt-get upgrade
Thats all it takes.