CVE-2004-2687
DistCC Daemon - Command Execution
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2002-02-01 First Exploit
- 2004-12-31 CVE Published
- 2007-09-23 CVE Reserved
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-16: Configuration
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2005-03/0183.html | Mailing List | |
| http://distcc.samba.org/security.html | X_refsource_confirm | |
| http://lists.samba.org/archive/distcc/2004q3/002550.html | Mailing List | |
| http://lists.samba.org/archive/distcc/2004q3/002562.html | Mailing List | |
| http://www.osvdb.org/13378 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/9915 | 2002-02-01 | |
| https://github.com/k4miyo/CVE-2004-2687 | 2021-08-28 | |
| http://www.metasploit.org/projects/Framework/exploits.html#distcc_exec | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Xcode Search vendor "Apple" for product "Xcode" | 1.5 Search vendor "Apple" for product "Xcode" and version "1.5" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | <= 2.18.3 Search vendor "Samba" for product "Samba" and version " <= 2.18.3" | - |
Affected
| ||||||