Net Manager
Network Managing, Engineering and Administration with an eye toward security.

Best practices meets the real world!

Tuesday, December 02, 2003  

Well, the results are in: LWN: Debian Investigation Report. Sure looks interesting, they used a sniffed password to login to a box, then use a local privilege escalation attack to get root and install a root-kit. This was done on more than one machine, and they used a comprimised account to attack another machine. This is a very interesting attack and well described as to how it happened, but there are a few questions. How was the password sniffed? Why did a known vulnerability not get patched (not just a Debian problem -- Red Hat, Suse et all were affected)? Interesting information....

posted by David | 12/02/2003 01:19:00 PM


Post a Comment

<< Home

News Links
Blog Links


Reading blogs at work? Click to escape to a suitable site!
Get Firefox

Site Meter

Powered by Blogger