| Vulnerability Name: | CVE-2004-2687 (CCN-40459) | ||||||||
| Assigned: | 2004-12-31 | ||||||||
| Published: | 2004-12-31 | ||||||||
| Updated: | 2008-09-05 | ||||||||
| Summary: | distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 8.4 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:U/RC:UR)
6.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-16 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: BUGTRAQ Type: UNKNOWN 20050310 XCode 1.5 and distcc 2.x Exploit Source: CCN Type: BugTraq Mailing List, Thu Mar 10 2005 - 11:13:04 CST XCode 1.5 and distcc 2.x Exploit Source: MITRE Type: CNA CVE-2004-2687 Source: CCN Type: distcc Web site distcc: a fast, free distributed C/C++ compiler Source: CONFIRM Type: UNKNOWN http://distcc.samba.org/security.html Source: MLIST Type: UNKNOWN [distcc] 20040826 Exploit in distcc ( got compromised ;( ) Source: MLIST Type: UNKNOWN [distcc] 20040826 Exploit in distcc ( got compromised ;( ) Source: MISC Type: Exploit http://www.metasploit.org/projects/Framework/exploits.html#distcc_exec Source: OSVDB Type: UNKNOWN 13378 Source: CCN Type: OSVDB ID: 13378 distcc Daemon Command Execution Source: XF Type: UNKNOWN distcc-compilation-command-execution(40459) Source: CCN Type: NMAP Web site File distcc-cve2004-2687 Source: CCN Type: Rapid7 Vulnerability and Exploit Database DistCC Daemon Command Execution | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||