LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Security page

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Critical Flaw Found In Security Pros' Favorite: Backtrack Linux (threatpost)

[Posted April 12, 2012 by jake]

A local privilege escalation flaw in wicd (wireless interface connection daemon) was found as part of an "ethical hacking" class using the Backtrack security-oriented Linux distribution. While Backtrack is singled out in the threatpost article, the flaw really resides in wicd and is likely present in other distributions: "The security flaw was discovered in a Backtrack component known as the Wireless Interface Connection Daemon (or WICD). The latest version of Backtrack does a poor job "sanitizing" (or filtering) inputs to the WICD DBUS (Desktop Bus) interface - a component that allows different applications to communicate with each other. That means that attackers can push invalid configuration options to DBUS, which are then written to a WICD wireless settings configuration file. The improper settings could include scripts or executables that would be run when certain events occur - such as the user connecting to a wireless network, according to the post, whose author asked to remain anonymous."
(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds