Python statsd python program & security

I have a statsd python program running on a public interface.
sockstat -46L gives:
Code:
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS     
root     python3.8  89566 3  udp4   *:randomport               *:*
What are the security concerns ?
 
What are the security concerns ?
Anyone could connect to it and if there's an exploitable bug in the code an attacker would have root access. Is there any type of authentication on the service? If not anyone could query it, which then leads to an information leak.
 
# ps -ax | grep 89566 to find out which command/py-script started this process, then find out why it was started.
 
Ports to other O.S. & distro's will have the same issue as they are all based on the same github source code.
 
Back
Top