.

Backtrack 5 R2 priv escalation 0day found in CTF exercise

<<

SephStorm

User avatar

Hero Member
Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Fri Apr 13, 2012 2:02 pm

Re: Backtrack 5 R2 priv escalation 0day found in CTF exercise

I think more than likely the student found the vulnerability and told it to the class, afterwards the instructor asked them if they wanted to disclose it and the person asked not to reveal their name. Then the instructor or another employee posted the info in all of the places it was found. I'm sure they were all posted around the same time. Now I dont know about the reported disclosure to muts, i didnt see that in the statement so I assume that was made elsewhere, but in anycase, I think likely they sent an email and perhaps didnt hear back, so they posted it?

The point is, it was a mistake, more than likely not made with malicious intent. They gained nothing except notoriety, and as I think they have defiantly learned from this event.
sectestanalysis.blogspot.com/‎
<<

lorddicranius

User avatar

Sr. Member
Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Fri Apr 13, 2012 5:06 pm

Re: Backtrack 5 R2 priv escalation 0day found in CTF exercise

And the SET licensing restriction has been removed!

http://twitter.com/dave_rel1k/status/190921359109525504

ISI's response that seems to have resolved this issue:

http://resources.infosecinstitute.com/wicd-0day-info/
GSEC, eCPPT, Sec+
Previous

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software