| GEN:SID | 1:3061 |
| Message | MISC distccd command execution attempt |
| Summary | This event is generated when an attempt is made to connect to the distcc daemon.
|
| Impact | Serious. Execution of arbitrary commands may be possible.
|
| Detailed Information | Distcc is an open source distributed C/C++ compiler that can be used to compile code on remote hosts that run the distcc daemon. A vulnerability exists in the handling of commands that are generated via a distcc client. The server does not ensure that only compile commands are sent to it. A command sequence can be created that executes commands on a vulnerable server. No authentication is required to execute a command on a distcc server.
|
| Affected Systems | 2.18.3 and prior
|
| Attack Scenarios | An attacker can generate a valid distcc command sequence that executes a command other than a compile on a vulnerable distcc server.
|
| Ease of Attack | Simple.
|
| Corrective Action | Use the --allow <hosts> option when starting the distcc daemon to specify authorized client hosts.
|
| Additional References | |
| Rule References | url: distcc.samba.org/security.html
|
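
The following audit helper relates to the Corrective Action above. It is an added example, not part of the original rule documentation or the distcc project. It classifies a distccd command line by whether it carries an `--allow` access list; the function name and the sample command lines are constructed for illustration, and treating a `/0` mask as unrestricted is this example's assumption.

```shell
#!/bin/sh
# Classify a distccd command line by its --allow / -a access list.
# Prints: missing (no access list), open (a /0 mask), or restricted.
check_distccd_allow() {
    # $1 is one whole command line, e.g. taken from `ps -eo args`.
    set -f            # no glob expansion while splitting into words
    set -- $1         # intentional word splitting
    set +f
    found=0
    open=0
    while [ $# -gt 0 ]; do
        case "$1" in
            --allow|-a)
                shift
                [ $# -gt 0 ] || break    # option given without a value
                val=$1 ;;
            --allow=*)                   # tolerate the --allow=VALUE spelling
                val=${1#--allow=} ;;
            *)
                shift
                continue ;;
        esac
        found=1
        case "$val" in
            */0) open=1 ;;               # e.g. 0.0.0.0/0 matches every client
        esac
        shift
    done
    if [ "$found" -eq 0 ]; then
        echo missing
    elif [ "$open" -eq 1 ]; then
        echo open
    else
        echo restricted
    fi
}

# Constructed sample command lines (not captured from a real host).
WEAK='distccd --daemon'
WIDE='distccd --daemon --allow 0.0.0.0/0'
GOOD='distccd --daemon --allow 192.168.10.0/24 --allow 127.0.0.1'

for line in "$WEAK" "$WIDE" "$GOOD"; do
    printf '%s => %s\n' "$line" "$(check_distccd_allow "$line")"
done
```

On a live host, the same function can be fed each distccd line from the process list to flag daemons started without a client restriction.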