I have just read a thread on the ubuntuforums

security area—it seems a very worrying security breach has been discovered, it

should however only be a problem in multi-user environments. 

The file /var/log/installer/cdebconf/questions.dat contains

the install logs, here you will find the administrator username and passwords

entered during installation.  The file is

world readable plain text, therefore anyone with an account on the system can

gain root privileges.

This only seems to effect the ‘Breezy’ release of ubuntu—a fix has been made so make sure to update asap:

# apt-get update
# apt-get upgrade 

That’s all it takes.

Editor's Picks