PT-2004-3577 · Distcc+1 · Distcc+1

Published

2004-12-31

Updated

2008-09-05

CVE-2004-2687

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions distcc versions 2.x

Description The issue allows remote attackers to execute arbitrary commands via compilation jobs. This is possible because the server does not perform authorization checks when executing compilation jobs.

Recommendations For distcc version 2.x, configure the server to restrict access to the server port to prevent unauthorized access.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-16

Related Identifiers

CVE-2004-2687

Affected Products

Samba

Distcc

PT-2004-3577 · Distcc+1 · Distcc+1

CVE-2004-2687

Weakness Enumeration

Related Identifiers

Affected Products

References · 13