I have just read a thread on the ubuntuforums
security areait seems a very worrying security breach has been discovered, it
should however only be a problem in multi-user environments.
The file /var/log/installer/cdebconf/questions.dat contains
the install logs, here you will find the administrator username and passwords
entered during installation. The file is
world readable plain text, therefore anyone with an account on the system can
gain root privileges.
This only seems to effect the Breezy release of ubuntua
fix has been made so make sure to update asap:
# apt-get update
# apt-get upgrade
Thats all it takes.