Maybe I'm not being 100% fair here. This is a quick and easy trick that I stumbled on yesterday while screwing around with my test Ubuntu server at work. In order to do this, one must have physical access to the machine. Like any piece of equipment, if you have physical access to the box, you can pwn the box.
The thing about Ubuntu is that by default it is just as easy to own it as a Windows machine if you leave things to their default values. The reason being is that since the root account isn't enabled by default, and users sudo their way around, they sometimes forget that the root account is still there and is all powerful. All someone has to do to login as root, change passwords, create new users, or anything else they want to do (They are root after all) is reboot, select esc when grub pops up, then boot into recovery mode.