mailing list archives
XCode 1.5 and distcc 2.x Exploit
From: Ray Slakinski <ray () sdf1 net>
Date: 10 Mar 2005 17:13:04 -0000
-----BEGIN PGP SIGNED MESSAGE-----
Security Advisory: Apple XCode and distcc
March 10, 2005
Vendor: Apple, Samba
Programs: XCode and distcc
Version: XCode 1.5, distcc 2.x
Apple ships XCode 1.5 with a feature for distributed compiling. This
feature actually uses the Samba distcc module (http://
distcc.samba.org). There are known exploits for distccd which will
enable a remote person full user level access to the target machine.
XCode ships with version 2.0.1 of distcc. We also tried updating to
2.18.3 and had similar issues with that version as well.
Apple was not contacted prior to this release because the exploit for
distccd is already known and in the wild. Users of the distributed
compiling system in XCode should disable this feature until both Apple
and Samba can take proper action to protect its users.
There are a few known exploits for distcc. By using a common method
provided by metasploit (http://metasploit.com/projects/Framework/
exploits.html#distcc_exec), I was given full access to the remote users
home folder via telnet.
Samba needs to work on proper directory jailing and remote code
execution with their distcc product. Apple needs to at least ship with
the latest version of distcc, which supports an Allow List of people that
are allowed to connect to the distcc daemon. This would minimize the
damage caused by running this service on a machine.
Exploit was discovered by Ray Slakinski (rays AT sdf1.net)
Tested and Verified by Jason McLeod (jason AT sdf1.net)
This document and follow up information can be found at http://
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
- XCode 1.5 and distcc 2.x Exploit Ray Slakinski (Mar 10)