Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:3061 |
Message | MISC distccd command execution attempt |
Summary | This event is generated when an attempt is made to connect to the distcc daemon. |
Impact | Serious. Execution of arbitrary commands may be possible. |
Detailed Information | Distcc is an open source distributed C/C++ compiler that can be used to compile code on remote hosts that run the distcc daemon. A vulnerability exists in the handling of commands that are generated via a distcc client. The server does not ensure that only compile commands are sent to it. A command sequence can be created that executes commands on a vulnerable server. No authentication is required to execute a command on a distcc server. |
Affected Systems | distcc 2.18.3 and prior |
Attack Scenarios | An attacker can generate a valid distcc command sequence that executes a command other than a compile on a vulnerable distcc server. |
Ease of Attack | Simple. |
Corrective Action | Use the --allow <hosts> option when starting the distcc daemon to specify authorized client hosts. |
Additional References | |
Rule References | url: distcc.samba.org/security.html |
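
The corrective action above can be checked on a host by auditing how distccd was started. The following is an added example, not part of the original rule documentation: it classifies process command lines by whether distccd was given the --allow option. The sample command lines are constructed, the function names are hypothetical, and the IP or IP/BITS value form for --allow is an assumption.

```python
import ipaddress
import shlex

def allow_values(argv):
    """Collect values passed via --allow ('--allow X' and '--allow=X')."""
    values = []
    for i, arg in enumerate(argv):
        if arg == "--allow" and i + 1 < len(argv):
            values.append(argv[i + 1])
        elif arg.startswith("--allow="):
            values.append(arg.split("=", 1)[1])
    return values

def audit(cmdline):
    """Classify one process command line (hypothetical helper)."""
    argv = shlex.split(cmdline)
    if not argv or argv[0].rsplit("/", 1)[-1] != "distccd":
        return "not-distccd"
    values = allow_values(argv)
    if not values:
        return "unrestricted"        # no --allow given at all
    for value in values:
        try:
            # Assumption: the value is an IP address or IP/BITS network.
            if ipaddress.ip_network(value, strict=False).prefixlen == 0:
                return "allow-any"   # e.g. 0.0.0.0/0 defeats the restriction
        except ValueError:
            pass  # not an IP or CIDR (e.g. a host name): one specific host
    return "restricted"

# Constructed sample command lines, as they might appear in a process list.
SAMPLES = [
    "/usr/bin/distccd --daemon",
    "/usr/bin/distccd --daemon --allow 192.168.10.0/24",
    "distccd --daemon --allow=0.0.0.0/0",
    "/usr/sbin/sshd -D",
]

def report(lines=SAMPLES):
    """Return (status, command line) pairs for each input line."""
    return [(audit(line), line) for line in lines]

if __name__ == "__main__":
    for status, line in report():
        print(f"{status:13} {line}")
```

Lines reported as unrestricted or allow-any are the ones to fix by restarting the daemon with --allow set to the authorized client hosts.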
--
DID:146578