Dr. MacQuigg writes:
> What is a "sniffed password"

A password gotten by reading each character as it is typed on the keyboard or by intercepting an unencrypted transmission. In this case it was the former.

> ...and how do they know the attacker used a password that was "sniffed",
> rather than just stolen out of someone's notebook?

They know whose password it was and that his machine was rooted.

> Was the break-in done remotely, or by someone with physical access to the
> machine or network?

A developer's machine was rooted remotely, his password was sniffed by reading the keyboard, and the password was used to log into the Debian machines remotely.

> Are the remote logins to Debian servers unencrypted?

No. They are encrypted using ssh. However, the attacker had a valid password and username so that didn't help.

> How does an attacker with a user-level password gain root access?

In this case by exploiting a bug in sbrk(). The kernel developers knew about the bug but did not believe it to be exploitable. They were wrong.

> ...how does a buffer overflow allow root access?

In some cases, by allowing you to overwrite a return address on the stack of a suid program with the address of your code. This exploit is rather more subtle than that, evidently.

--
John Hasler
[EMAIL PROTECTED] (John Hasler)
Dancing Horse Hill
Elmwood, WI