Intrusion Prevention

Distcc.Daemon.Command.Execution

Description

This vulnerability affects the Samba distcc module, and also Apple Xcode which uses the distcc module for distributed compiling. There are known exploits for distcc which which make it possible for a remote attacker to gain full user level access.

Affected Products

All versions of Samba distcc.

Impact

System compromise, arbitrary command execution.

Recommended Actions

Configure distcc for greater security, see http://distcc.samba.org/security.html
Restrict network access.

CVE References

CVE-2004-2687

Other References

1