A critical security flaw has been identified in the latest version of Backtrack, a popular version of Linux that is used by security professionals for penetration testing.

The previously undiscovered privilege escalation hole was disclosed in a post on the Web site of the InfoSec Institute. It was discovered by a student taking part in an InfoSec Institute Ethical Hacking class, according to the post.

“The student in our ethical hacking class that found the 0day was using backtrack and decided to fuzz the program, as well as look through the source code,” wrote Jack Koziol, the Security Program Manager at the InfoSec Institute. “He found that he could overwrite config settings and gain a root shell.”

