GEN:SID | 1:3061 |
Message | MISC distccd command execution attempt |
Summary | This event is generated when an attempt is made to connect to the distcc daemon.
|
Impact | Serious. Execution of arbitrary commands may be possible.
|
Detailed Information | Distcc is an open source distributed C/C++ compiler that can be used to compile code on remote hosts that run the distcc daemon. A vulnerability exists in the handling of commands that are generated via a distcc client. The server does not ensure that compile commands only are sent to it. A command sequence can be created that executes commands on a vulnerable server. No authentication is required to execute a command on a distcc server.
|
Affected Systems | 2.18.3 and prior
|
Attack Scenarios | An attacker can generated a valid distcc command sequence that executes a command other than a compile on a vulnerable distcc server.
|
Ease of Attack | Simple.
|
Corrective Action | Use the --allow <hosts> option when starting the distcc daemon to specify authorized client hosts.
|
Additional References | |
Rule References | url: distcc.samba.org/security.html
|