Erroneous post concerning Backtrack 5 R2 0day
Yesterday I made a post concerning a 0day advisory in Backtrack 5 R2:
http://seclists.org/fulldisclosure/2012/Apr/123

The posting was incorrect: the vulnerability was NOT in Backtrack but in
wicd; no Backtrack-contributed code is vulnerable. When we tweeted and
emailed to mailing lists the notifications of this vulnerability, we
incorrectly shortened the title and called it "Backtrack 5 R2 priv
escalation 0day", which is misleading and could lead people to believe the
bug was actually in Backtrack. The bug has always resided in wicd and not in
any Backtrack team-written code. We apologize for the confusion to the
Backtrack team and any other persons affected by this error. We feel the
Backtrack distro is a great piece of software and wish muts and the rest of
the team the best.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: Erroneous post concerning Backtrack 5 R2 0day
in soviet russia, lesson teaches you. in west, no lesson learnt by anyone.

On Thu, Apr 12, 2012 at 9:51 PM, Adam Behnke <adam@infosecinstitute.com> wrote:
> Yesterday I made a post concerning a 0day advisory in Backtrack 5 R2:
> http://seclists.org/fulldisclosure/2012/Apr/123
>
> The posting was incorrect: the vulnerability was NOT in Backtrack but in
> wicd; no Backtrack-contributed code is vulnerable. When we tweeted and
> emailed to mailing lists the notifications of this vulnerability, we
> incorrectly shortened the title and called it "Backtrack 5 R2 priv
> escalation 0day", which is misleading and could lead people to believe the
> bug was actually in Backtrack. The bug has always resided in wicd and not in
> any Backtrack team-written code. We apologize for the confusion to the
> Backtrack team and any other persons affected by this error. We feel the
> Backtrack distro is a great piece of software and wish muts and the rest of
> the team the best.

Re: Erroneous post concerning Backtrack 5 R2 0day
I think it is misleading to just blame it on title shortening when you
clearly stated in the body of the advisory:

"This 0day exploit for Backtrack 5 R2 was discovered by a student in
the InfoSec Institute Ethical Hacking class, during an evening CTF exercise."

This was also said on the original post on your website but has since been
edited.

http://www.securityfocus.com/archive/1/522294/30/0/threaded