A zero-day vulnerability affecting the last version of Backtrack Linux
has been spotted by a student during an Ethical Hacking class organized
by the InfoSec Institute.
The discovery was made public on InfoSec's own website and detailed by
the student himself, who says that the Wireless Interface Connection
Daemon (WICD) Backtrack components has several design flaws that can be
misused to execute a privilege escalation exploit.
"Improper sanitization of the inputs in the WICD's DBUS interfaces
allows an attacker to (semi)arbitrarily write configuration options in
WICD's 'wireless-settings.conf' file, including but not limited to
defining scripts (executables actually) to execute upon various internal
events (for instance upon connecting to a wireless network)," he
explained.
"These scripts execute as the root user, this leads to arbitrary
code/command execution by an attacker with access to the WICD DBUS
interface as the root user."
The student and the InfoSec team immediately started on working on a
proof-of-concept exploit and the patch for the vulnerability, all of
which is provided on the group's site.
Backtrack is a Linux distribution popular with penetration testers all
over the world because it comes preloaded with hundreds of handy
security tools. The vulnerability affects the latest version - Backtrack
5 R2.
Users can use the patch offered by the group or, better yet, update WICD to the new version (1.7.2) which fixes the vulnerability.
Update: The Backtrack team commented on this issue, read more here.
Fuente: net-security.org/
Link relacionado:
- Vulnerabilidad de día cero encontrada en la distribución de Linux Backtrack
No hay comentarios:
Publicar un comentario