On Wed, 03 Dec 2003 10:33:34 -0700, Dr. MacQuigg wrote:

> After reading the report at
> http://lists.debian.org/debian-announce/debian-announce-2003/msg00003.html
> and following this newsgroup discussion, I have some very basic questions:
>
> 1) What is a "sniffed password", and how do they know the attacker used a
> password that was "sniffed", rather than just stolen out of someone's
> notebook?
>
> 2) Was the breakin done remotely, or by someone with physical access to
> the machine or network? I thought that "sniffing" required physical access
> to a network over which unencrypted data was being transferred. Are the
> remote logins to Debian servers unencrypted?
>
> 3) How does an attacker with a user-level password gain root access? I
> understand you can call system services that have root access, and provide
> bad data in those calls that will cause buffer overflows, maybe even a
> machine crash, but how does a buffer overflow allow root access? I know
> there is a deep technical explanation for this, but I'm hoping someone can
> explain it in simple terms, or maybe point me to a good article or book
> chapter.
>
> -- Dave

With regard to your question 3, a buffer overflow exploit is always a stack exploit and is designed to execute arbitrary code with the called program's privilege.

The way it works: you call a privileged service/program/function, and you pass it a (precisely designed) parameter which is bigger than it's expecting. The parameter is put on the stack; then, when returning (because the parameter is bigger than the max size it was expecting) it will use the beginning of your big parameter as its return address.

For example: Suppose the parameter has a max size of 512 bytes. You construct a parameter 516 bytes long, the first 4 bytes of which are a branch to the beginning of the other 512 bytes. Those 512 bytes contain the code to execute a shell, for example, (with, of course, root privilege).

There's a bit more to it than that, but that's it in (poorly explained) principle. If I didn't get it quite right, no doubt those in here smarter than me will fix it.

--
....................paul

"I think that gay marriage is something that should be between a man and a woman." -- Arnold Schwarzenegger, Governor of California
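
The overwrite discussed in the reply above, as an added example that is not part of the original thread: a simulated stack frame (one flat byte array, so nothing is really corrupted) with the 512-byte buffer followed by a 4-byte saved return address, which is the common layout, copied into once without and once with a length check. The address 0x08048000, the 'A' fill and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 512   /* maximum parameter size used in the post */
#define RET_SIZE 4     /* 32-bit saved return address */

/* Simulated frame: bytes [0,512) are the buffer, [512,516) the saved
 * return address. One array keeps the overrun well-defined C. */
struct frame { unsigned char mem[BUF_SIZE + RET_SIZE]; };

static void frame_init(struct frame *f, uint32_t ret) {
    memset(f->mem, 0, sizeof f->mem);
    memcpy(f->mem + BUF_SIZE, &ret, RET_SIZE);
}

static uint32_t frame_ret(const struct frame *f) {
    uint32_t ret;
    memcpy(&ret, f->mem + BUF_SIZE, RET_SIZE);
    return ret;
}

/* Unchecked copy: trusts the caller's length, like strcpy() into a local buffer. */
static void copy_unchecked(struct frame *f, const unsigned char *src, size_t len) {
    if (len > sizeof f->mem) len = sizeof f->mem;  /* keep the simulation in bounds */
    memcpy(f->mem, src, len);
}

/* Checked copy: rejects input larger than the buffer. 0 = copied, -1 = rejected. */
static int copy_checked(struct frame *f, const unsigned char *src, size_t len) {
    if (len > BUF_SIZE) return -1;
    memcpy(f->mem, src, len);
    return 0;
}

int main(void) {
    unsigned char param[BUF_SIZE + RET_SIZE];
    struct frame f;
    memset(param, 'A', sizeof param);        /* constructed 516-byte input */

    frame_init(&f, 0x08048000u);             /* constructed return address */
    copy_unchecked(&f, param, sizeof param);
    printf("unchecked: return address 0x%08x\n", (unsigned)frame_ret(&f));

    frame_init(&f, 0x08048000u);
    int rc = copy_checked(&f, param, sizeof param);
    printf("checked: rc=%d, return address 0x%08x\n", rc, (unsigned)frame_ret(&f));
    return 0;
}
```

With the length check in place the oversized input is refused and the saved return address is unchanged; without it, the last four input bytes replace the address the function will return to.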