CVE-2004-2687

Published: Dec 31, 2004Modified: Apr 16, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.

Affected (2)

Products: Apple: Xcode · Samba: Samba

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apple Xcode	Version 1.5
Samba Samba	Up to 2.18.3

Related CWEs

CWE-16

References (12)

http://archives.neohapsis.com/archives/bugtraq/2005-03/0183.html

Source: cve@mitre.org

http://distcc.samba.org/security.html

Source: cve@mitre.org

http://lists.samba.org/archive/distcc/2004q3/002550.html

Source: cve@mitre.org

http://lists.samba.org/archive/distcc/2004q3/002562.html

Source: cve@mitre.org

http://www.metasploit.org/projects/Framework/exploits.html#distcc_exec

Source: cve@mitre.org

Exploit

http://www.osvdb.org/13378

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2005-03/0183.html