Re: Backtrack 5 R2 priv escalation 0day found in CTF exercise



And now for some truth / enlightenment:
http://www.backtrack-linux.org/backtrack/backtrack-0day-privilege-escalation/
http://www.backtrack-linux.org/forums/showthread.php?t=49411
http://www.secmaniac.com/blog/


On Wed, 11 Apr 2012 09:49:48 -0500, "Adam Behnke"
<adam@xxxxxxxxxxxxxxxxxxxx> wrote:
wicd Privilege Escalation 0Day
Tested against Backtrack 5, 5 R2, Arch distributions

Spawns a root shell. Has not been tested for potential remote
exploitation
vectors.

Discovered by a student that wishes to remain anonymous in the course
CTF.
This 0day exploit for Backtrack 5 R2 was discovered by a student in the
InfoSec Institute Ethical Hacking class, during an evening CTF exercise.
The
student wishes to remain anonymous, he has contributed a python version
of
the 0day, a patch that can be applied to wicd, as well as a writeup
detailing the discovery and exploitation process. You can find a python
version of the exploit and full write up with patch here:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html



Relevant Pages

  • Re: Python docs disappointing - group effort to hire writers?
    ... who is /learning/ the language is, quite frankly, terrifying. ... Currently Python dev seems to be more output than input, ... beautiful tutorials that start at various levels of entry. ... While your student is ...
    (comp.lang.python)
  • Re: The big shots
    ... Python, have received partial evaluation from the alphas. ... Alpha test releases are the round of test distributions before the ... It *was* the tallest mountain - it existed before its discovery, ...
    (comp.lang.python)
  • Python Software Foundation seeks mentors and students for Google Summer of Code
    ... matching mentors and projects benefiting Python and Python users. ... Note that student applications are due ... People interested in mentoring a student though PSF are encouraged to ...
    (comp.lang.python.announce)
  • VBA to change mass formulas
    ... I had to manually navigate ... automate this if at some future time I make a similar discovery. ... Cell in ColB to the right of 'Total Class Hours' adds the hours ... each class attended by each student. ...
    (microsoft.public.excel.programming)
  • Python Software Foundation seeks mentors and students for Google Summer of Code
    ... matching mentors and projects benefiting Python and Python users. ... Note that student applications are due ... People interested in mentoring a student though PSF are encouraged to ...
    (comp.lang.python)