Slashdot Mirror


Critical Flaw Found In Backtrack Linux

chicksdaddy writes "Threatpost is reporting on a critical security flaw in the latest version of Backtrack Linux, a popular distribution that is used by security professionals for penetration testing. The previously undiscovered privilege escalation hole was discovered by a student taking part in an InfoSec Institute Ethical Hacking class, according to the post on the group's Web site. 'The student in our ethical hacking class that found the 0day was using backtrack and decided to fuzz the program, as well as look through the source code,' wrote Jack Koziol, the Security Program Manager at the InfoSec Institute. 'He found that he could overwrite config settings and gain a root shell.' An unofficial patch is available from InfoSec Institute. Koziol said that an official patch is being tested now and is expected shortly."

6 of 84 comments

  1. From what I heard by antonymous · Score: 5, Insightful

    The program in question is wicd, which is a wireless network manager. And it's not like BT is a particularly secure distro - it's for pentesting, so most of its functionality is only useful if you run as root...

    1. Re:From what I heard by allo · Score: 3, Insightful

      wicd is network-manager without the sucking parts.

    2. Re:From what I heard by Architect_sasyr · Score: 3, Insightful

      Any good pentester maintains good physical security (because, you know, you carry your laptop with you at all times), firewalls their own machine, and maintains a fairly decent log of what is crossing their interfaces anyway.

      Unfortunately most of the people (I'd go as far as 95-99%) on the backtrack forums are neither pentesters nor good. They use wicd because they don't know how to edit a config file or run their own wpa_supplicant. Most of them go as far as trying to use BT for their regular day-to-day stuff. Idiots. But the backtrack team put up with them, so something like this becomes massive news.

      I didn't see headlines when the wget vulnerability was in Backtrack 3...

      --
      Me failed English...
      FreeBSD over Linux. If my comments seem odd, this may explain...
  2. Re:Usually you run as root by davidshewitt · Score: 3, Insightful

    You mentioned that backtrack is "a distro specifically built for security and penetration testing." I agree that it's built for penetration testing, but it is a bunch of security tools. It is not a hardened operating system. When writing non-trivial software, especially operating systems, there will always be security bugs, and you will always wonder what has been missed. That's why testing is important, and the advantage of open source makes it easier to fix the bugs when they're found.

    Reading the TFA (this is ./ I know ;) the vulnerability was in WICD, a daemon used to connect to wifi. I've seen WICD in other linux distros (as a matter of fact you can install it if you don't like network-manager), so those distros are vulnerable as well if they run the affected version. IMHO, I think that the bigger issue is that the other distros are vulnerable, as people running those distros on servers don't want people to get root access, whereas that isn't such a big deal with backtrack (although it's beyond me why anyone would want wifi on a server!).

  3. Re:Usually you run as root by Anonymous Coward · Score: 1, Insightful

    ClueOS GetLive Edition.

    I wholeheartedly recommend it to you.

  4. Re:In-band Signaling Considered Harmful by Anonymous Coward · Score: 3, Insightful

    Ummm.. fuck parent straight up the ass for that idiocy.

    Validating your inputs is just one of many important parts of a complete security solution.

    There is a good reason you'll find "Input Validation" given its own section starting on Page 5 of the OWASP Secure Coding Practices Quick Reference Guide.

    But don't be too hard on CapOblivious2010 ... developers like that are the reason you'll still find plenty of work writing security code for decades to come.
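The summary describes the bug only as a user being able to "overwrite config settings and gain a root shell", and the comment above points at input validation as the missing control. The Python below is an added illustration of that general bug class, not wicd's code, not the InfoSec Institute patch, and not the actual flaw: a privileged daemon accepts a setting from an unprivileged caller and writes it into a key=value file, and because the value is never validated, a value carrying an embedded newline smuggles in a second line that overrides a different, more sensitive setting. The file format, the key names and the `set_option_*` helpers are all constructed for the example; the hardened version allow-lists keys and constrains values to printable single-line ASCII.

```python
"""Added example: unvalidated vs. validated config setters in a privileged
daemon. Everything here (format, keys, helper names) is constructed and
hypothetical; it is not wicd's code or the official/unofficial patch."""
import re

# Hypothetical allow-list: the only settings an unprivileged caller may change.
ALLOWED_KEYS = {"ssid", "dhcp_client"}
# Values must be 1-128 printable ASCII characters; newlines are excluded, so a
# value can never carry a second "key=value" line into the file.
SAFE_VALUE = re.compile(r"[\x20-\x7e]{1,128}")


def render_config(settings):
    """Serialise settings to the constructed key=value file format."""
    return "".join(f"{k}={v}\n" for k, v in settings.items())


def parse_config(text):
    """Parse the constructed format the way a naive daemon would: every line
    with '=' is a setting, and a later line overrides an earlier one."""
    out = {}
    for line in text.splitlines():
        if "=" in line:
            key, _, value = line.partition("=")
            out[key.strip()] = value.strip()
    return out


def set_option_unvalidated(settings, key, value):
    """Weak version: whatever the caller sends is stored as-is."""
    settings[key] = value
    return settings


def set_option_validated(settings, key, value):
    """Hardened version: allow-list the key and constrain the value."""
    if key not in ALLOWED_KEYS:
        raise ValueError(f"setting {key!r} is not writable by callers")
    if not isinstance(value, str) or not SAFE_VALUE.fullmatch(value):
        raise ValueError("value must be 1-128 printable ASCII chars, no newlines")
    settings[key] = value
    return settings


def effective_setting(setter, key, value, probe="dhcp_client"):
    """Apply one change with `setter`, write and re-read the file, and return
    the value a daemon would then use for the `probe` setting. A rejected
    change leaves the file untouched, so the original value is returned."""
    # Constructed baseline; dhcp_client is written first so a smuggled later
    # line for it wins under the "last line wins" parser above.
    base = {"dhcp_client": "dhcpcd", "ssid": "office"}
    try:
        updated = setter(dict(base), key, value)
    except ValueError:
        return base[probe]
    return parse_config(render_config(updated)).get(probe)


def demo():
    """Constructed hostile value: an embedded newline turns one 'ssid' value
    into two file lines, the second of which rewrites dhcp_client."""
    hostile = "office\ndhcp_client=attacker-chosen"
    return {
        "unvalidated": effective_setting(set_option_unvalidated, "ssid", hostile),
        "validated": effective_setting(set_option_validated, "ssid", hostile),
    }


if __name__ == "__main__":
    print(demo())
```

The detection side is the same check turned around: a privileged daemon whose config writer accepts arbitrary strings from an unprivileged IPC caller is worth a look in any distro that ships it, not only Backtrack, which is the point davidshewitt makes above about other distributions carrying the same package.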