DistCC Detection

high Nessus Plugin ID 12638

Synopsis

A distributed compiler is listening on the remote port.

Description

The remote host is running distcc, a distributed GCC compiler. distcc lets a user draw on the resources of several hosts to compile programs more quickly.

As distcc allows anyone to execute arbitrary commands on the remote host, it should be configured to only accept connections from a restricted set of IP addresses. Otherwise, an attacker can use it to obtain an interactive shell on the remote host with the privileges of the distcc daemon (usually 'distccd').

Solution

Filter incoming traffic to this port, or use the '-a' option to restrict the set of IP addresses distcc will accept.
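
One way to verify the '-a' restriction on a host, as an added example that is not part of the plugin: the script below audits a distccd command line (for instance, taken from a process listing) and reports a missing or overly broad allow list. The function names, the 1024-address threshold and the sample command lines are assumptions made for illustration; settings that live in a distribution's service configuration file are not covered.

```python
import ipaddress
import shlex

def allow_values(cmdline):
    """Return the raw values given to distccd via -a / --allow."""
    args = shlex.split(cmdline)
    values = []
    i = 0
    while i < len(args):
        if args[i] in ("-a", "--allow") and i + 1 < len(args):
            values.append(args[i + 1])
            i += 1                      # skip the option's value
        elif args[i].startswith("--allow="):
            values.append(args[i].split("=", 1)[1])
        i += 1
    return values

def audit(cmdline, max_addresses=1024):
    """Return a list of findings; an empty list means the allow list looks restricted."""
    values = allow_values(cmdline)
    if not values:
        return ["no -a/--allow restriction on the command line"]
    findings = []
    for value in values:
        try:
            # strict=False accepts a host address with a prefix, e.g. 10.0.0.5/24
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            findings.append(f"cannot parse allow value {value!r}")
            continue
        if net.num_addresses > max_addresses:   # threshold is an assumed policy
            findings.append(f"{net} admits {net.num_addresses} addresses")
    return findings

if __name__ == "__main__":
    # Constructed sample command lines, not taken from a real host.
    samples = [
        "distccd --daemon",
        "distccd --daemon --allow 0.0.0.0/0",
        "distccd --daemon -a 192.168.10.0/24 --allow=10.1.2.3",
    ]
    for line in samples:
        print(line, "->", audit(line) or "ok")
```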

See Also

http://distcc.samba.org/security.html

Plugin Details

Severity: High

ID: 12638

File Name: distcc_detection.nasl

Version: 1.20

Type: remote

Published: 7/7/2004

Updated: 4/11/2022

Configuration: Enable thorough checks

Asset Inventory: true

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:distcc:distcc