Return to site
Return to site

Xcode Exploit And Vulnerability Scanner

broken image


CVSS Meta Temp ScoreCurrent Exploit Price (≈)CTI Interest Score
9.6$0-$5k0.07

Xcode Exploit Scanner. Xcode Exploit Scanner Brought to you by: anonh4ck3r. Downloads: 7 This Week Last Update: 2016-09-09. Get project updates, sponsored content from our select partners, and more. Phone Number. Security-Database help your corporation foresee and avoid any security risks that may impact your IT infrastructure and business applications. An exploit is the specially crafted code adversaries use to take advantage of a certain vulnerability and compromise a resource. Exploit Kits. Exploit Kits are tools embedded in compromised web pages which automatically scan a visitor's machine for vulnerabilities and attempt to exploit them.

A vulnerability was found in Apple Xcode 1.5 (Programming Tool Software) and classified as very critical. Affected by this issue is an unknown part of the component Authorization. The manipulation with an unknown input leads to a privilege escalation vulnerability. Using CWE to declare the problem leads to CWE-16. Impacted is confidentiality, integrity, and availability. Specialized e150 2007 fork manual. CVE summarizes:

distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.

The weakness was presented 02/01/2002. The advisory is available at metasploit.org. This vulnerability is handled as CVE-2004-2687. The attack may be launched remotely. No form of authentication is required for exploitation. Technical details are unknown but an exploit is available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 02/15/2017).

After even before and not, there has been an exploit disclosed. It is declared as highly functional. As 0-day the estimated underground price was around $5k-$25k. The commercial vulnerability scanner Qualys is able to test this issue with plugin 277713 (Fedora Security Update for distccrc1 (FEDORA-2019-2c2dfc65d1)).

It is possible to mitigate the problem by adding an authentication mechanism.

The vulnerability is also documented in the databases at X-Force (40459) and Vulnerability Center (SBV-28090).

Product

Type

Micronta 4003 manual. Vendor

Name

CPE 2.3

CPE 2.2

Video

CVSSv3

VulDB Meta Base Score: 9.8
VulDB Meta Temp Score: 9.6
VulDB Base Score: 9.8
VulDB Temp Score: 9.6
VulDB Vector: 🔍
VulDB Reliability: 🔍

CVSSv2

AVACAuCIA
🔍🔍🔍🔍🔍🔍
🔍🔍🔍🔍🔍🔍
🔍🔍🔍🔍🔍🔍
VectorComplexityAuthenticationConfidentialityIntegrityAvailability
unlockunlockunlockunlockunlockunlock
unlockunlockunlockunlockunlockunlock
unlockunlockunlockunlockunlockunlock

VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍

Exploiting

Class: Privilege escalation (CWE-16)
Local: No
Remote: Yes
Availability: 🔍
Status
Xcode
: Highly functional
Price Prediction: 🔍
Current Price Estimation: 🔍

0-Dayunlockunlockunlockunlock
Todayunlockunlockunlockunlock

OpenVAS ID: 801528
OpenVAS Name: distcc Remote Code Execution Vulnerability
OpenVAS File: 🔍
OpenVAS Family: 🔍

Xcode Exploit And Vulnerability Scanner Windows 7


Qualys ID: 🔍
Qualys Name: 🔍
MetaSploit ID: distcc_exec.rb
MetaSploit Name: DistCC Daemon Command Execution

Xcode Exploit And Vulnerability Scanner Software


MetaSploit File: 🔍

Threat Intelligence

Xcode Exploit And Vulnerability Scanner Download

Threat: 🔍
Adversaries: 🔍
Xcode exploit and vulnerability scanner update
: Highly functional
Price Prediction: 🔍
Current Price Estimation: 🔍

0-Dayunlockunlockunlockunlock
Todayunlockunlockunlockunlock

OpenVAS ID: 801528
OpenVAS Name: distcc Remote Code Execution Vulnerability
OpenVAS File: 🔍
OpenVAS Family: 🔍

Xcode Exploit And Vulnerability Scanner Windows 7


Qualys ID: 🔍
Qualys Name: 🔍
MetaSploit ID: distcc_exec.rb
MetaSploit Name: DistCC Daemon Command Execution

Xcode Exploit And Vulnerability Scanner Software


MetaSploit File: 🔍

Threat Intelligence

Xcode Exploit And Vulnerability Scanner Download

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍

Countermeasures

Recommended: Authentication
Status: 🔍
0-Day Time: 🔍

Timeline

02/01/2002🔍
02/01/2002+0 days🔍
12/31/2004+1063 days🔍
12/31/2004+0 days🔍
02/01/2005+32 days🔍
11/09/2010+2106 days🔍
09/02/2014+1393 days🔍
03/10/2015+189 days🔍
02/15/2017+708 days🔍

Sources

Vendor: https://www.apple.com/
Advisory: metasploit.org
CVE: CVE-2004-2687 (🔍)
X-Force: 40459
Vulnerability Center: 28090 - distcc 2.x Remote Commands Execution Vulnerability via Compilation Jobs, Critical
OSVDB: 13378 - distcc Daemon Command Execution
scip Labs: https://www.scip.ch/en/?labs.20161013

Entry

Created: 03/10/2015 12:14 PM
Updated: 02/15/2017 11:30 AM
Complete: 🔍

Use the official API to access entries easily!





broken image
PreviousNext
Cookie Use
We use cookies to improve browsing experience, security, and data collection. By accepting, you agree to the use of cookies for advertising and analytics. You can change your cookie settings at any time. Learn More
Accept all
Settings
Decline All
Cookie Settings
Necessary Cookies
These cookies enable core functionality such as security, network management, and accessibility. These cookies can’t be switched off.
Analytics Cookies
These cookies help us better understand how visitors interact with our website and help us discover errors.
Preferences Cookies
These cookies allow the website to remember choices you've made to provide enhanced functionality and personalization.
Save