Rule:

--
Sid:
1341

--
Summary:
Attempted cc command access via web

--
Impact:
Attempt to compile a binary on a host.

--
Detailed Information:
This is an attempt to compiile a C or C++ source on a host. The cc
command is the GNUproject's C and C++ compiler used to compile C and
C++ source filesinto executable binary files. The attacker could
possibly compile aprogram needed for other attacks on the system or
install a binaryprogram of his choosing.

--
Attack Scenarios:
The attacker can make a standard HTTP request that contains
'/usr/bin/cc'in theURI.

--
Ease of Attack:
Simple HTTP request.

--
False Positives:
None Known

--
False Negatives:
None Known

--
Corrective Action:

Webservers should not be allowed to view or execute files and binaries
outside ofit's designated web root or cgi-bin. This command may also
be requested on acommand line should the attacker gain access to the
machine. Wheneverpossible, sensitive files and certain areas of the
filesystem shouldhave the system immutable flag set to prevent files
from being addedto the host. On BSD derived systems, setting the
systems runtimesecurelevel also prevents the securelevel from being
changed. (note:the securelevel can only be increased).
--
Contributors:
Sourcefire Research Team

-- 
Additional References:
sid: 1342
sid: 1343
sid: 1344
sid: 1345
sid: 1346
sid: 1347
sid: 1348

--