Package: distcc
Version: 2.18.1-5
Severity: grave
Tags: sarge sid security

Saw this on bugtraq:

XCode ships with version 2.0.1 of distcc. We also tried updating to 2.18.3 and had similar issues with that version as well. Apple was not contacted prior to this release because the exploit for distccd is already known and in the wild. Users of the distributed compiling system in XCode should disable this feature until both Apple and Samba can take proper action to protect its users.

Exploit:
There are a few known exploits for distcc. By using a common method provided by metasploit (http://metasploit.com/projects/Framework/exploits.html#distcc_exec), I was given full access to the remote user's home folder via telnet.

Proposed Solution:
Samba needs to work on proper directory jailing and remote code execution with their distcc product. Apple needs to at least ship with the latest version of distcc, which supports an Allow List of people that are allowed to connect to the distcc daemon. This would minimize the damage caused by running this service on a machine.

This document and follow-up information can be found at http://dev.sdf1.net/archives/003082.html

Regards,

Joey

-- 
MIME - broken solution for a broken design. -- Ralf Baechle
Please always Cc to me when replying to me on the lists.
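
An added example, not part of the original report or of distcc itself: a small Python check that reads a distccd command line and flags a missing or overly broad allow list (distccd's `--allow` option, the allow list the advisory refers to) and a daemon bound to every interface (`--listen`). The /16 threshold and the sample command lines are assumptions constructed for illustration.

```python
import ipaddress
import shlex

# Assumed policy for this example: an --allow network wider than /16 is flagged.
MIN_PREFIX = 16

def audit_distccd(cmdline):
    """Return a list of findings for one distccd command line."""
    args = shlex.split(cmdline)
    allows, listen = [], None
    i = 0
    while i < len(args):
        name, sep, value = args[i].partition("=")
        if name in ("--allow", "-a", "--listen"):
            if not sep:  # value is the next argument
                i += 1
                value = args[i] if i < len(args) else ""
            if name == "--listen":
                listen = value
            else:
                allows.append(value)
        i += 1

    findings = []
    if not allows:
        findings.append("no --allow: any host that can reach the port may submit jobs")
    for spec in allows:
        try:
            net = ipaddress.ip_network(spec, strict=False)
        except ValueError:
            findings.append(f"unparseable --allow value: {spec!r}")
            continue
        if net.prefixlen < MIN_PREFIX:
            findings.append(f"--allow {spec} is too broad (/{net.prefixlen})")
    if listen in (None, "0.0.0.0", "::"):
        findings.append("no specific --listen address: daemon binds every interface")
    return findings

# Constructed sample command lines (not taken from any real host).
SAMPLES = [
    "distccd --daemon",
    "distccd --daemon --allow=0.0.0.0/0 --listen 192.168.1.10",
    "distccd --daemon --allow 192.168.1.0/24 --listen 192.168.1.10",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", audit_distccd(line) or "ok")
```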