CVE-2004-2687

distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2005-03/0183.html
http://lists.samba.org/archive/distcc/2004q3/002550.html
http://lists.samba.org/archive/distcc/2004q3/002562.html
http://www.metasploit.org/projects/Framework/exploits.html#distcc_exec	Exploit
http://distcc.samba.org/security.html
http://www.osvdb.org/13378

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:apple:xcode:1.5:::::::*

Information

Published : 2004-12-30 21:00

Updated : 2008-09-04 21:00

NVD link : CVE-2004-2687

Mitre link : CVE-2004-2687

JSON object : View

CWE

CWE-16

Configuration

Products Affected

apple

xcode

samba

samba

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2005-03/0183.html", "name": "20050310 XCode 1.5 and distcc 2.x Exploit", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://lists.samba.org/archive/distcc/2004q3/002550.html", "name": "[distcc] 20040826 Exploit in distcc ( got compromised ;( )", "tags": [], "refsource": "MLIST"}, {"url": "http://lists.samba.org/archive/distcc/2004q3/002562.html", "name": "[distcc] 20040826 Exploit in distcc ( got compromised ;( )", "tags": [], "refsource": "MLIST"}, {"url": "http://www.metasploit.org/projects/Framework/exploits.html#distcc_exec", "name": "http://www.metasploit.org/projects/Framework/exploits.html#distcc_exec", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://distcc.samba.org/security.html", "name": "http://distcc.samba.org/security.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.osvdb.org/13378", "name": "13378", "tags": [], "refsource": "OSVDB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-16"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-2687", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2004-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.18.3"}, {"cpe23Uri": "cpe:2.3:a:apple:xcode:1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-05T04:00Z"}

9.3 /10