Vulnerabilities > CVE-2004-2687 - Configuration vulnerability in multiple products
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description DistCC Daemon Command Execution. CVE-2004-2687. Remote exploit for linux platform id EDB-ID:16919 last seen 2016-02-02 modified 2010-07-03 published 2010-07-03 reporter metasploit source https://www.exploit-db.com/download/16919/ title DistCC Daemon Command Execution description DistCC Daemon Command Execution. CVE-2004-2687. Remote exploits for multiple platform id EDB-ID:9915 last seen 2016-02-01 modified 2002-02-01 published 2002-02-01 reporter H D Moore source https://www.exploit-db.com/download/9915/ title DistCC Daemon - Command Execution
Metasploit
| description | This module uses a documented security weakness to execute arbitrary commands on any system running distccd. |
| id | MSF:EXPLOIT/UNIX/MISC/DISTCC_EXEC |
| last seen | 2019-12-02 |
| modified | 2018-07-26 |
| published | 2006-01-21 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/misc/distcc_exec.rb |
| title | DistCC Daemon Command Execution |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2019-DFEF0AF227.NASL description Restrict default configuration to localhost. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122567 published 2019-03-04 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122567 title Fedora 29 : distcc (2019-dfef0af227) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-dfef0af227. # include("compat.inc"); if (description) { script_id(122567); script_version("1.4"); script_cvs_date("Date: 2019/09/23 11:21:11"); script_cve_id("CVE-2004-2687"); script_xref(name:"FEDORA", value:"2019-dfef0af227"); script_name(english:"Fedora 29 : distcc (2019-dfef0af227)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Restrict default configuration to localhost. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-dfef0af227" ); script_set_attribute( attribute:"solution", value:"Update the affected distcc package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'DistCC Daemon Command Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(16); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:distcc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/12/31"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC29", reference:"distcc-3.2rc1-22.fc29")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "distcc"); }NASL family Fedora Local Security Checks NASL id FEDORA_2019-2C2DFC65D1.NASL description Restrict default configuration to localhost. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122558 published 2019-03-04 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122558 title Fedora 28 : distcc (2019-2c2dfc65d1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-2c2dfc65d1. # include("compat.inc"); if (description) { script_id(122558); script_version("1.4"); script_cvs_date("Date: 2019/09/23 11:21:10"); script_cve_id("CVE-2004-2687"); script_xref(name:"FEDORA", value:"2019-2c2dfc65d1"); script_name(english:"Fedora 28 : distcc (2019-2c2dfc65d1)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Restrict default configuration to localhost. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-2c2dfc65d1" ); script_set_attribute( attribute:"solution", value:"Update the affected distcc package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'DistCC Daemon Command Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_cwe_id(16); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:distcc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/12/31"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC28", reference:"distcc-3.2rc1-22.fc28")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "distcc"); }
Packetstorm
| data source | https://packetstormsecurity.com/files/download/82331/distcc_exec.rb.txt |
| id | PACKETSTORM:82331 |
| last seen | 2016-12-05 |
| published | 2009-10-28 |
| reporter | H D Moore |
| source | https://packetstormsecurity.com/files/82331/DistCC-Daemon-Command-Execution.html |
| title | DistCC Daemon Command Execution |
References
- http://archives.neohapsis.com/archives/bugtraq/2005-03/0183.html
- http://distcc.samba.org/security.html
- http://lists.samba.org/archive/distcc/2004q3/002550.html
- http://lists.samba.org/archive/distcc/2004q3/002562.html
- http://www.metasploit.org/projects/Framework/exploits.html#distcc_exec
- http://www.osvdb.org/13378