Bugtraq mailing list archives
Re: Erronous post concerning Backtrack 5 R2 0day
From: Jamie Riden <jamie.riden () gmail com>
Date: Fri, 13 Apr 2012 17:05:31 +0100
On 12 April 2012 21:51, Adam Behnke <adam () infosecinstitute com> wrote:
> Yesterday I made a post concerning a 0day advisory in Backtrack 5 R2:
> http://seclists.org/fulldisclosure/2012/Apr/123
>
> The posting was incorrect, the vulnerability was NOT in Backtrack but in wicd, no Backtrack contributed code is vulnerable. When we tweeted and emailed to mailing lists the notifications of this vulnerability, we incorrectly shortened the title and called it "Backtrack 5 R2 priv escalation 0day", which is misleading and could lead people to believe the bug was actually in Backtrack. The bug has always resided in wicd and not in any Backtrack team written code.
>
> We apologize for the confusion to the Backtrack team and any other persons affected by this error. We feel the Backtrack distro is a great piece of software and wish muts and the rest of the team the best.
I think some of this kerfuffle could have been avoided if the backtrack (or wicd) team had been contacted for a response prior to releasing the bug, as you would expect during a responsible disclosure process (e.g. see RFPolicy, or just common sense). It would have then been fairly obvious about who owned the bug, as it were.

It's not an uninteresting issue, but let's follow process a bit better next time please? Better for everyone involved.

cheers,
Jamie
--
Jamie Riden / jamie () honeynet org / jamie.riden () gmail com
http://uk.linkedin.com/in/jamieriden