Zero-day security hole in BackTrack Linux uncovered by student

BackTrack is a Linux-based penetration testing arsenal that aids security professionals in performing assessments in a purely native environment dedicated to hacking

The flaw is a privilege escalation issue in BackTrack’s wireless interface connection daemon (WICD). “There exist several design flaws [in WICD] culminating in privilege escalation exploit”, according to an InfoSec Institute blog.

“Improper sanitization of the inputs in the WICD’s DBUS [desktop bus] interfaces allows an attacker to (semi)arbitrarily write configuration options in WICD’s ‘wireless-settings.conf’ file, including but not limited to defining scripts (executables actually) to execute upon various internal events (for instance upon connecting to a wireless network). These scripts execute as the root user, this leads to arbitrary code/command execution by an attacker with access to the WICD DBUS interface as the root user”, the blog explained.
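For administrators who want to check a host, the sketch below audits a WICD-style settings file for script hooks that would run as root. It is an added example, not code from the InfoSec Institute blog or from WICD; it assumes hook options are stored as keys ending in "script" with "None" meaning unset, and the sample file contents are constructed.

```python
import configparser
import sys

# Assumption: hook options are keys ending in "script" (for example
# "beforescript"); the values below are treated as "no hook configured".
SCRIPT_KEY_SUFFIX = "script"
UNSET_VALUES = {"", "none", "false"}

# Constructed sample in the INI layout of a wireless-settings.conf file.
SAMPLE_CONF = """\
[AA:BB:CC:00:00:01]
essid = office-wifi
beforescript = None
afterscript = None

[AA:BB:CC:00:00:02]
essid = lab-ap
beforescript = /tmp/hook.sh
afterscript = None
"""


def audit_script_hooks(conf_text):
    """Return (section, key, value) for every configured script hook."""
    # strict=False tolerates duplicate keys, which a tampered file may contain;
    # only "=" is a delimiter so colons in values are kept intact.
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",))
    parser.read_string(conf_text)
    findings = []
    for section in parser.sections():
        for key, value in parser.items(section):
            value = (value or "").strip()
            # Option names are lower-cased by configparser, so this match
            # is case-insensitive with respect to the file contents.
            if key.endswith(SCRIPT_KEY_SUFFIX) and value.lower() not in UNSET_VALUES:
                findings.append((section, key, value))
    return findings


if __name__ == "__main__":
    # Pass the path of the settings file to audit; without one, the
    # constructed sample above is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for section, key, value in audit_script_hooks(text):
        print(f"[{section}] {key} -> {value} (runs as root; verify it is expected)")
```

Any hook reported here that an administrator did not set deliberately is worth investigating, since the daemon runs these executables as root.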

According to the BackTrack-Linux.org website, BackTrack is a Linux-based penetration testing arsenal that aids security professionals in performing assessments in a purely native environment dedicated to hacking.

The latest version of BackTrack, 5 R2, was released on March 1, 2012. BackTrack originally started with earlier versions of live Linux distributions called Whoppix, IWHAX, and Auditor, the website explained.

“When BackTrack was developed, it was designed to be an all in one live CD used on security audits and was specifically crafted to not leave any remnants of itself on the laptop. It has since expanded to being the most widely adopted penetration testing framework in existence and is used by the security community all over the world”, the website noted.
 
