File distcc-cve2004-2687
Script types: portrule
Categories: exploit, intrusive, vuln
Download: http://nmap.org/svn/scripts/distcc-cve2004-2687.nse
User Summary
Detects and exploits a remote code execution vulnerability in the distributed compiler daemon distcc. The vulnerability was disclosed in 2002, but is still present in modern implementations due to poor configuration of the service.
Script Arguments
cmd
The command to run on the remote server.
vulns.showall
See the documentation for the vulns library.
Example Usage
nmap -p 3632 <ip> --script distcc-cve2004-2687 --script-args="distcc-cve2004-2687.cmd='id'"
Script Output
PORT     STATE SERVICE
3632/tcp open  distccd
| distcc-test:
|   VULNERABLE:
|   distcc Daemon Command Execution
|     State: VULNERABLE (Exploitable)
|     IDs:  CVE:CVE-2004-2687
|     Risk factor: High  CVSSv2: 9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
|     Description:
|       Allows executing of arbitrary commands on systems running distccd 3.1 and
|       earlier. The vulnerability is the consequence of weak service configuration.
|
|     Disclosure date: 2002-02-01
|     Extra information:
|
|     uid=118(distccd) gid=65534(nogroup) groups=65534(nogroup)
|
|     References:
|       http://distcc.googlecode.com/svn/trunk/doc/web/security.html
|       http://http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2687
|       http://http://www.osvdb.org/13378
|_      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2687
Requires
Author: Patrik Karlsson
License: Same as Nmap--See http://nmap.org/book/man-legal.html


