Lucene search

[email protected]CVE-2004-2687

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2004-2687

2022-10-0316:14:13

CWE-16

[email protected]

web.nvd.nist.gov

205

In Wild

distcc

remote code execution

xcode 1.5

cve-2004-2687

unauthorized access

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.7 High

AI Score

Confidence

High

0.943 High

EPSS

Percentile

99.2%

JSON

distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.

Affected configurations

NVD

Node

applexcodeMatch1.5

sambasambaRange≤2.18.3

CPENameOperatorVersion
apple:xcodeapple xcodeeq1.5
samba:sambasambale2.18.3

CPE	Name	Operator	Version
apple:xcode	apple xcode	eq	1.5
samba:samba	samba	le	2.18.3

References

archives.neohapsis.com/archives/bugtraq/2005-03/0183.html

distcc.samba.org/security.html

lists.samba.org/archive/distcc/2004q3/002550.html

lists.samba.org/archive/distcc/2004q3/002562.html

www.metasploit.org/projects/Framework/exploits.html#distcc_exec

www.osvdb.org/13378

Social References

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.7 High

AI Score

Confidence

High

0.943 High

EPSS

Percentile

99.2%

JSON

Related for CVE-2004-2687

openvas3 nessus2 exploitdb1 fedora2 attackerkb1 debiancve1 packetstorm1 nvd1 cvelist1 nmap1 avleonov1