File: 1341.txt

snort 2.3.3-11

Rule:

--
Sid:
1341

--
Summary:
Attempted gcc command access via web

--
Impact:
Attempt to compile a binary on a host.

--
Detailed Information:
This is an attempt to compile a C or C++ source file on a host. The gcc command is the GNU project's C and C++ compiler, used to compile C and C++ source files into executable binary files. The attacker could possibly compile a program needed for other attacks on the system or install a binary program of his choosing.

--
Attack Scenarios:
The attacker can make a standard HTTP request that contains '/usr/bin/gcc' in the URI.
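
The same match can be run over web server access logs as a complement to the network sensor. This is an added example, not part of the Snort rule documentation or the Snort project; the Apache-style common log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

SIGNATURE = "/usr/bin/gcc"  # string named in the Attack Scenarios field

# Request portion of an Apache-style common/combined log line (assumed format).
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3})'
)

def normalize_uri(uri, max_rounds=3):
    """Percent-decode until stable (bounded rounds), then lower-case."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri.lower()

def find_gcc_requests(lines):
    """Return (client, status, raw_uri) for each request whose URI names gcc."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and SIGNATURE in normalize_uri(m.group("uri")):
            hits.append((m.group("client"), int(m.group("status")), m.group("uri")))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2005:13:55:36 +0000] "GET /index.html HTTP/1.0" 200 2326',
    '192.0.2.44 - - [10/Oct/2005:13:56:01 +0000] "GET /cgi-bin/example.cgi?arg=/usr/bin/gcc HTTP/1.0" 404 209',
    '192.0.2.44 - - [10/Oct/2005:13:56:09 +0000] "GET /cgi-bin/example.cgi?arg=%2Fusr%2Fbin%2Fgcc HTTP/1.0" 200 512',
    '192.0.2.77 - - [10/Oct/2005:13:57:40 +0000] "GET /docs/gcc-manual.html HTTP/1.0" 200 8812',
]

if __name__ == "__main__":
    for client, status, uri in find_gcc_requests(SAMPLE_LOG):
        # A 200 deserves a closer look than a 404: the request was served.
        print(f"{client} status={status} uri={uri}")
```

The raw URI is reported rather than the normalized one so that the log entry can be located again during triage.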

--
Ease of Attack:
Simple HTTP request.

--
False Positives:
None Known

--
False Negatives:
None Known

--
Corrective Action:

Web servers should not be allowed to view or execute files and binaries outside of their designated web root or cgi-bin. This command may also be requested on a command line should the attacker gain access to the machine. Whenever possible, sensitive files and certain areas of the filesystem should have the system immutable flag set to prevent files from being added to the host. On BSD-derived systems, setting the system's runtime securelevel also prevents the securelevel from being changed (note: the securelevel can only be increased).
--
Contributors:
Sourcefire Research Team

-- 
Additional References:
sid: 1342
sid: 1343
sid: 1344
sid: 1345
sid: 1346
sid: 1347
sid: 1348

--