Rule:

--
Sid:
1341

--
Summary:
Attempted cpp command access via web

--
Impact:
Attempt to compile a binary on a host.

--
Detailed Information:
This is an attempt to compiile a C or C++ source on a host. The cpp
command is theGNU project's C and C++ compiler used to compile C and
C++ sourcefiles into executable binary files. The attacker could
possibly compilea program needed for other attacks on the system or
install a binaryprogram of his choosing.

--
Attack Scenarios:
The attacker can make a standard HTTP request that contains
'/usr/bin/cpp'inthe URI.

--
Ease of Attack:
Simple HTTP request.

--
False Positives:
None Known

--
False Negatives:
None Known

--
Corrective Action:

Webservers should not be allowed to view or execute files and binaries
outside of it'sdesignated web root or cgi-bin. This command may also
be requested on acommand line should the attacker gain access to the
machine. Wheneverpossible, sensitive files and certain areas of the
filesystem shouldhave the system immutable flag set to prevent files
from being addedto the host. On BSD derived systems, setting the
systems runtimesecurelevel also prevents the securelevel from being
changed. (note: thesecurelevel can only be increased).
--
Contributors:
Sourcefire Research Team

-- 
Additional References:
sid: 1342
sid: 1343
sid: 1344
sid: 1346
sid: 1347
sid: 1348

--