Re: Debian Investigation Report after Server Compromises

[Dr. MacQuigg]

After reading the report at 
http://lists.debian.org/debian-announce/debian-announce-2003/msg00003.html 
and following this newsgroup discussion, I have some very basic questions:

1)  What is a "sniffed password", and how do they know the attacker used a 
password that was "sniffed", rather than just stolen out of someone's 
notebook?

2)  Was the breakin done remotely, or by someone with physical access to 
the machine or network?  I thought that "sniffing" required physical access 
to a network over which unencrypted data was being transferred.  Are the 
remote logins to Debian servers unencrypted?

3)  How does an attacker with a user-level password gain root access?  I 
understand you can call system services that have root access, and provide 
bad data in those calls that will cause buffer overflows, maybe even a 
machine crash, but how does a buffer overflow allow root access?  I know 
there is a deep technical explanation for this, but I'm hoping someone can 
explain it in simple terms, or maybe point me to a good article or book 
chapter.

-- Dave



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]