CVE-2004-2687

distcc 2.x - Remote Code Execution

Exploitation Summary

EIP tracks 7 public exploits for CVE-2004-2687. PoCs have been published by H D Moore, h3x0v3rl0rd and k4miyo, including the Metasploit module exploits/unix/misc/distcc_exec. A Nuclei detection template is also available.

AI-analyzed exploit summary: This Metasploit module exploits CVE-2004-2687 in distccd by sending a crafted request to execute arbitrary commands via the distcc protocol. It leverages the lack of authentication in distccd to achieve remote code execution.

Description

distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.

Exploits (7)

exploitdb WORKING POC VERIFIED
by H D Moore · ruby · remote · multiple
https://www.exploit-db.com/exploits/9915

This Metasploit module exploits CVE-2004-2687 in distccd by sending a crafted request to execute arbitrary commands via the distcc protocol. It leverages the lack of authentication in distccd to achieve remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: distccd (distributed compiler daemon)
No auth needed
Prerequisites: Network access to distccd (default port 3632) · distccd service running without authentication
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 2 stars
by h3x0v3rl0rd · poc
https://github.com/h3x0v3rl0rd/distccd_rce_CVE-2004-2687

This repository contains a functional Python3 exploit for CVE-2004-2687, a remote code execution vulnerability in distccd versions prior to 3.1. The exploit leverages improper authentication in the distccd daemon to execute arbitrary commands via crafted network packets.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: distccd < 3.1
No auth needed
Prerequisites: Network access to distccd port (default 3632) · distccd running with improper configuration
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 1 star
by k4miyo · poc
https://github.com/k4miyo/CVE-2004-2687

This repository contains a functional Python exploit for CVE-2004-2687, a command execution vulnerability in the DistCC daemon. The exploit crafts a malicious payload to achieve remote code execution via the DistCC protocol.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: DistCC daemon
No auth needed
Prerequisites: Network access to the DistCC daemon (default port 3632) · DistCC daemon running on the target system
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC
by micheaol · poc
https://github.com/micheaol/distccd_rce_CVE-2004-2687

This repository contains a functional Python exploit for CVE-2004-2687, a remote code execution vulnerability in distccd. The exploit crafts a malicious payload to execute arbitrary commands on the target system by leveraging the distcc protocol's argument handling.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: distccd (versions affected by CVE-2004-2687)
No auth needed
Prerequisites: Network access to the target's distccd service (default port 3632) · Target system running vulnerable distccd version
devstral-2 · analyzed Apr 21, 2026

nomisec WORKING POC
by nulltrace1336 · poc
https://github.com/nulltrace1336/Metasploitable-2-Distcc-Exploit-via-Kali-Linux-CVE-2004-2687

This repository provides a functional exploit for CVE-2004-2687, targeting the DistCC daemon (distccd) via Metasploit. It includes step-by-step instructions to achieve remote code execution (RCE) on a vulnerable Metasploitable 2 target.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: distccd v1
No auth needed
Prerequisites: Metasploit Framework · Network access to target on port 3632
devstral-2 · analyzed Feb 19, 2026

metasploit WORKING POC EXCELLENT
by hdm · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/misc/distcc_exec.rb

This Metasploit module exploits a documented security weakness in distccd (CVE-2004-2687) to execute arbitrary commands via the distcc protocol. It sends a crafted DIST packet with a command payload to trigger remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: distccd (distributed compiler daemon)
No auth needed
Prerequisites: Network access to distccd (default port 3632) · distccd service running without authentication
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Distccd v1 - Remote Code Execution
HIGH · VERIFIED · by pussycat0x

References (6)

Core References
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2005-03/0183.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/13378
Various Sources mailing-list x_refsource_mlist
http://lists.samba.org/archive/distcc/2004q3/002562.html
Various Sources x_refsource_confirm
http://distcc.samba.org/security.html
Various Sources mailing-list x_refsource_mlist
http://lists.samba.org/archive/distcc/2004q3/002550.html

Scores

EPSS: 0.9047
EPSS Percentile: 99.6%

Details

CWE: CWE-16
Status: published
Products (2):
apple/xcode 1.5
samba/samba < 2.18.3
Published: Dec 31, 2004
Tracked Since: Feb 18, 2026