Info

Disclosure

Oct 04, 2004

Discovery

Jul 08, 2004

Dates

Exploit

Unknown

Solution

Unknown

Description

distcc contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attempt to bypass IP access control on a 64 bit platform occurs. This flaw may lead to a loss of Confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.16 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Martin Pool

distcc

2.x

References

Bugtraq ID: 11319
Secunia Advisory ID: 12711
ISS X-Force ID: 17581
CVE ID: 2004-0601 (see also: NVD)
Vendor URL: http://distcc.samba.org/
Other Advisory URL: http://distcc.samba.org/ftp/distcc/distcc-2.16.NEWS

Credit

Martin Pool - mbpsourcefrog.net -

Direct URL: http://osvdb.org/10475