Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-2687 — Apple Xcode vulnerability

CWE-1610 documents8 sources

Severity

9.3CRITICALNVD

EPSS

90.3%

top 0.40%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Samba Apple Xcode

Timeline

PublishedDec 31

Latest updateApr 29

Description

distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDapple/xcode1.5

▶NVDsamba/samba2.18.3

🔴Vulnerability Details

GHSA

GHSA-88vv-hvrc-733q: distcc 2↗2022-04-29

▶

CVEList

CVE-2004-2687: distcc 2↗2007-09-23

▶

OSV

CVE-2004-2687: distcc 2↗2004-12-31

▶

💥Exploits & PoCs

Exploit-DB

DistCC Daemon - Command Execution (Metasploit)↗2002-02-01

▶

Nuclei

Distccd v1 - Remote Code Execution

▶

📋Vendor Advisories

Debian

CVE-2004-2687: distcc - distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict acc...↗2004

▶

💬Community

Bugzilla

CVE-2004-2687 distcc: TCP mode has too permissive default IP address whitelist [epel-all]↗2018-12-18

▶

Bugzilla

CVE-2004-2687 distcc: TCP mode has too permissive default IP address whitelist [fedora-all]↗2018-12-18

▶

Bugzilla

CVE-2004-2687 distcc: TCP mode has too permissive default IP address whitelist↗2018-12-18

▶