
Thread: Backtrack 5 R2 priv escalation 0day found in CTF exercise

  1. #1
    Moderated Member
    Join Date
    Dec 2011
    Posts
    1

    Backtrack 5 R2 priv escalation 0day found in CTF exercise

    wicd Privilege Escalation 0Day
    Tested against Backtrack 5, 5 R2, Arch distributions.
    Spawns a root shell. Has not been tested for potential remote exploitation vectors.
    Discovered by a student that wishes to remain anonymous in the course CTF.

    This 0day exploit for Backtrack 5 R2 was discovered by a student in the InfoSec Institute Ethical Hacking class, during an evening CTF exercise. The student wishes to remain anonymous; he has contributed a Python version of the 0day, a patch that can be applied to wicd, as well as a writeup detailing the discovery and exploitation process.
    Last edited by muts; 04-11-2012 at 10:55 AM.

  2. #2
    Developer muts's Avatar
    Join Date
    Jan 2006
    Posts
    272

    Re: Backtrack 5 R2 priv escalation 0day found in CTF exercise

    This post is a bad example of a bug report, for several reasons.

    1) The title of this vulnerability should probably be "WICD Priv Escalation". As such, it should probably be reported to the WICD developers, as opposed to the BackTrack development team. If you still felt the bug report should be posted to us, the right place to post it would be "BackTrack bugs" (although it is not), or even better, our redmine ticket system.

    2) Giving the prerequisites for the exploit to function would be helpful. In this case, you would need to create a non-root user in BackTrack, have a remote attacker access BT with that non-privileged account or have an unprivileged shell from a previous attack against another service, and then have that user attempt to connect to a wireless access point (assuming wicd is running as root). This is far from the default configuration in BackTrack, which further negates the title of this vulnerability.

    3) Making a mountain out of a molehill for the purpose of promoting a product or service is generally frowned upon by the security industry, especially when one already has a bad reputation.

    4) Once this bug is tended to by the WICD developers, we will use their official patch rather than patching our packages using untrusted sources.

    Another response can be found in our blog - http://www.backtrack-linux.org/backt...ge-escalation/
    Last edited by muts; 04-12-2012 at 06:32 AM.

  3. #3
    Just burned his ISO
    Join Date
    Mar 2011
    Posts
    2

    Re: Backtrack 5 R2 priv escalation 0day found in CTF exercise

    Wicd 1.7.2 released tonight with fix for local priv escalation: https://launchpad.net/wicd/+announcement/9888
