Sign-up

ID

VAR-200412-0740


CVE

CVE-2004-2687


TITLE

Apple Xcode Tools Configuration error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-679

DESCRIPTION

distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks. Xcode is prone to a remote security vulnerability

Trust: 1.35

sources: NVD: CVE-2004-2687 // BID: 90317 // VULHUB: VHN-11115 // VULMON: CVE-2004-2687

AFFECTED PRODUCTS

vendor:applemodel:xcodescope:eqversion:1.5

Trust: 1.9

vendor:sambamodel:sambascope:lteversion:2.18.3

Trust: 1.0

vendor:sambamodel:sambascope:eqversion:2.18.3

Trust: 0.3

sources: BID: 90317 // CNNVD: CNNVD-200412-679 // NVD: CVE-2004-2687

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-2687
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200412-679
value: CRITICAL

Trust: 0.6

VULHUB: VHN-11115
value: HIGH

Trust: 0.1

VULMON: CVE-2004-2687
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2004-2687
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-11115
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-11115 // VULMON: CVE-2004-2687 // CNNVD: CNNVD-200412-679 // NVD: CVE-2004-2687

PROBLEMTYPE DATA

problemtype:CWE-16

Trust: 1.1

sources: VULHUB: VHN-11115 // NVD: CVE-2004-2687

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-679

TYPE

configuration error

Trust: 0.6

sources: CNNVD: CNNVD-200412-679

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-11115 // 
            
            
            
            VULMON: CVE-2004-2687

PATCH
title:SecGenurl:https://github.com/SecGen/SecGen 
Trust: 0.1
title:Lame-HTB-Writeup-FRurl:https://github.com/gwyomarch/Lame-HTB-Writeup-FR 
Trust: 0.1
title:Intrusion_Detection_System-Pythonurl:https://github.com/marcocastro100/Intrusion_Detection_System-Python 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2004-2687

EXTERNAL IDS
db:NVDid:CVE-2004-2687
Trust: 2.1
db:OSVDBid:13378
Trust: 1.2
db:CNNVDid:CNNVD-200412-679
Trust: 0.7
db:BIDid:90317
Trust: 0.5
db:EXPLOIT-DBid:9915
Trust: 0.2
db:PACKETSTORMid:82331
Trust: 0.1
db:SEEBUGid:SSVID-18008
Trust: 0.1
db:SEEBUGid:SSVID-66970
Trust: 0.1
db:VULHUBid:VHN-11115
Trust: 0.1
db:VULMONid:CVE-2004-2687
Trust: 0.1
sources:
            
            
            VULHUB: VHN-11115 // 
            
            
            
            VULMON: CVE-2004-2687 // 
            
            
            
            BID: 90317 // 
            
            
            
            CNNVD: CNNVD-200412-679 // 
            
            
            
            NVD: CVE-2004-2687

REFERENCES
url:http://archives.neohapsis.com/archives/bugtraq/2005-03/0183.html
Trust: 1.5
url:http://distcc.samba.org/security.html
Trust: 1.5
url:http://www.metasploit.org/projects/framework/exploits.html#distcc_exec
Trust: 1.5
url:http://lists.samba.org/archive/distcc/2004q3/002550.html
Trust: 1.5
url:http://lists.samba.org/archive/distcc/2004q3/002562.html
Trust: 1.5
url:http://www.osvdb.org/13378
Trust: 1.2
url:https://vigilance.fr/vulnerability/distcc-privilege-escalation-via-ip-address-whitelist-28636
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/16.html
Trust: 0.1
url:https://github.com/secgen/secgen
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.exploit-db.com/exploits/9915/
Trust: 0.1
url:https://www.rapid7.com/db/modules/exploit/unix/misc/distcc_exec
Trust: 0.1
url:https://www.securityfocus.com/bid/90317
Trust: 0.1
sources:
            
            
            VULHUB: VHN-11115 // 
            
            
            
            VULMON: CVE-2004-2687 // 
            
            
            
            BID: 90317 // 
            
            
            
            CNNVD: CNNVD-200412-679 // 
            
            
            
            NVD: CVE-2004-2687

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 90317

SOURCES
db:VULHUBid:VHN-11115
db:VULMONid:CVE-2004-2687
db:BIDid:90317
db:CNNVDid:CNNVD-200412-679
db:NVDid:CVE-2004-2687

LAST UPDATE DATE
2024-08-14T14:08:56.950000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-11115date:2008-09-05T00:00:00
db:VULMONid:CVE-2004-2687date:2008-09-05T00:00:00
db:BIDid:90317date:2004-12-31T00:00:00
db:CNNVDid:CNNVD-200412-679date:2019-04-02T00:00:00
db:NVDid:CVE-2004-2687date:2008-09-05T04:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-11115date:2004-12-31T00:00:00
db:VULMONid:CVE-2004-2687date:2004-12-31T00:00:00
db:BIDid:90317date:2004-12-31T00:00:00
db:CNNVDid:CNNVD-200412-679date:2004-12-31T00:00:00
db:NVDid:CVE-2004-2687date:2004-12-31T05:00:00