Vulnerability Details : CVE-2004-2687

distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.

Published 2004-12-31 05:00:00

Updated 2008-09-05 04:00:00

Source MITRE

View at NVD, CVE.org

At least one public exploit which can be used to exploit this vulnerability exists!

Exploit prediction scoring system (EPSS) score for CVE-2004-2687

Probability of exploitation activity in the next 30 days: 94.89%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2004-2687

DistCC Daemon Command Execution

Disclosure Date : 2002-02-01

exploit/unix/misc/distcc_exec

This module uses a documented security weakness to execute arbitrary commands on any system running distccd. Authors: - hdm <[email protected]>

More information

CVSS scores for CVE-2004-2687

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	[email protected]
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2004-2687

CWE-16

Assigned by: [email protected] (Primary)

References for CVE-2004-2687

Products affected by CVE-2004-2687

Apple » Xcode » Version: 1.5
cpe:2.3:a:apple:xcode:1.5:*:*:*:*:*:*:*
Matching versions
Samba » Samba
Versions up to, including, (<=) 2.18.3
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Matching versions