ID

VAR-200412-0740


CVE

CVE-2004-2687


TITLE

Apple Xcode Tools Configuration error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-679

DESCRIPTION

distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks. Xcode is prone to a remote security vulnerability

Trust: 1.35

sources: NVD: CVE-2004-2687 // BID: 90317 // VULHUB: VHN-11115 // VULMON: CVE-2004-2687

AFFECTED PRODUCTS

vendor:applemodel:xcodescope:eqversion:1.5

Trust: 1.9

vendor:sambamodel:sambascope:lteversion:2.18.3

Trust: 1.0

vendor:sambamodel:sambascope:eqversion:2.18.3

Trust: 0.3

sources: BID: 90317 // CNNVD: CNNVD-200412-679 // NVD: CVE-2004-2687

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-2687
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200412-679
value: CRITICAL

Trust: 0.6

VULHUB: VHN-11115
value: HIGH

Trust: 0.1

VULMON: CVE-2004-2687
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2004-2687
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-11115
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-11115 // VULMON: CVE-2004-2687 // CNNVD: CNNVD-200412-679 // NVD: CVE-2004-2687

PROBLEMTYPE DATA

problemtype:CWE-16

Trust: 1.1

sources: VULHUB: VHN-11115 // NVD: CVE-2004-2687

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-679

TYPE

configuration error

Trust: 0.6

sources: CNNVD: CNNVD-200412-679

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-11115 // VULMON: CVE-2004-2687

PATCH

title:SecGenurl:https://github.com/SecGen/SecGen

Trust: 0.1

title:Lame-HTB-Writeup-FRurl:https://github.com/gwyomarch/Lame-HTB-Writeup-FR

Trust: 0.1

title:Intrusion_Detection_System-Pythonurl:https://github.com/marcocastro100/Intrusion_Detection_System-Python

Trust: 0.1

sources: VULMON: CVE-2004-2687

EXTERNAL IDS

db:NVDid:CVE-2004-2687

Trust: 2.1

db:OSVDBid:13378

Trust: 1.2

db:CNNVDid:CNNVD-200412-679

Trust: 0.7

db:BIDid:90317

Trust: 0.5

db:EXPLOIT-DBid:9915

Trust: 0.2

db:PACKETSTORMid:82331

Trust: 0.1

db:SEEBUGid:SSVID-18008

Trust: 0.1

db:SEEBUGid:SSVID-66970

Trust: 0.1

db:VULHUBid:VHN-11115

Trust: 0.1

db:VULMONid:CVE-2004-2687

Trust: 0.1

sources: VULHUB: VHN-11115 // VULMON: CVE-2004-2687 // BID: 90317 // CNNVD: CNNVD-200412-679 // NVD: CVE-2004-2687

REFERENCES

url:http://archives.neohapsis.com/archives/bugtraq/2005-03/0183.html

Trust: 1.5

url:http://distcc.samba.org/security.html

Trust: 1.5

url:http://www.metasploit.org/projects/framework/exploits.html#distcc_exec

Trust: 1.5

url:http://lists.samba.org/archive/distcc/2004q3/002550.html

Trust: 1.5

url:http://lists.samba.org/archive/distcc/2004q3/002562.html

Trust: 1.5

url:http://www.osvdb.org/13378

Trust: 1.2

url:https://vigilance.fr/vulnerability/distcc-privilege-escalation-via-ip-address-whitelist-28636

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/16.html

Trust: 0.1

url:https://github.com/secgen/secgen

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.exploit-db.com/exploits/9915/

Trust: 0.1

url:https://www.rapid7.com/db/modules/exploit/unix/misc/distcc_exec

Trust: 0.1

url:https://www.securityfocus.com/bid/90317

Trust: 0.1

sources: VULHUB: VHN-11115 // VULMON: CVE-2004-2687 // BID: 90317 // CNNVD: CNNVD-200412-679 // NVD: CVE-2004-2687

CREDITS

Unknown

Trust: 0.3

sources: BID: 90317

SOURCES

db:VULHUBid:VHN-11115
db:VULMONid:CVE-2004-2687
db:BIDid:90317
db:CNNVDid:CNNVD-200412-679
db:NVDid:CVE-2004-2687

LAST UPDATE DATE

2024-08-14T14:08:56.950000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-11115date:2008-09-05T00:00:00
db:VULMONid:CVE-2004-2687date:2008-09-05T00:00:00
db:BIDid:90317date:2004-12-31T00:00:00
db:CNNVDid:CNNVD-200412-679date:2019-04-02T00:00:00
db:NVDid:CVE-2004-2687date:2008-09-05T04:00:00

SOURCES RELEASE DATE

db:VULHUBid:VHN-11115date:2004-12-31T00:00:00
db:VULMONid:CVE-2004-2687date:2004-12-31T00:00:00
db:BIDid:90317date:2004-12-31T00:00:00
db:CNNVDid:CNNVD-200412-679date:2004-12-31T00:00:00
db:NVDid:CVE-2004-2687date:2004-12-31T05:00:00