VID 17007
Severity 40
Port 111
Protocol TCP,UDP
Class RPC
Detailed Description The remote NFS server is exporting directories to the world. If the server exports sensitive directories, such as system directories or users' home directories, this is very dangerous.

* References:
http://www.iss.net/security_center/static/74.php
http://www.cert.org/advisories/CA-1991-21.html
Recommendation Check the share configuration or the exports file configuration. Depending on your operating system, these file names can vary; some examples are /etc/exports and /etc/dfs/dfstab.
- Export file systems only to hosts that require them.
- Export only to fully qualified hostnames.
- Make sure export lists do not exceed 256 characters.
- Use the showmount utility to check that exports are correct.
- Wherever possible, mount file systems to be exported read only and export file systems read only.

If NFS is not needed, consider disabling it; otherwise, verify the permissions on exported volumes or shared directories and restrict them to approved users. Where possible, mount file systems to be exported read-only and export those file systems read-only.

Unix: Check permissions on exported volumes using the showmount -e command. If the exported directories look like the listing that follows, anyone can mount /usr and possibly replace files and gain access:
/usr (everyone)
/export/dira hosta
/export/dirb hostb

The hosta and hostb systems appear to be clients to this server. In such a case, /usr can be mounted by anyone. Instead, this access should be restricted. You should also check hosta and hostb for other security vulnerabilities. When either system is vulnerable, then so is the server.
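As an added example (not part of this advisory or the scanner's own tooling), the following POSIX shell/awk function audits a showmount -e style listing for the conditions recommended above: exports to the world, client names that are not fully qualified, and export lines longer than 256 characters. The listing SAMPLE_EXPORTS is constructed for the example; the function names audit_exports and count_findings are assumptions.

```shell
#!/bin/sh
# Audit a "showmount -e" listing. Expected line format, as in the listing
# above: "<path> <client>[,<client>...]". "(everyone)" and "*" are treated
# as world exports; netgroups (@name) are not flagged as unqualified hosts.

# Constructed sample listing (not from a real host).
SAMPLE_EXPORTS='Export list for nfs-server:
/usr (everyone)
/export/dira hosta
/export/dirb hostb.example.com
/export/dirc *'

audit_exports() {
    # Reads a listing on stdin and prints one finding per line as
    # "<path> <reason>". Exit status is 1 if any finding was printed.
    awk '
    /^Export list/ { next }                  # skip the showmount header
    {
        path = $1
        if ($2 == "(everyone)" || $2 == "*") {
            print path " world-exported"; found = 1; next
        }
        n = split($2, clients, ",")
        for (i = 1; i <= n; i++) {
            c = clients[i]
            # A client without a dot is a short hostname, not an FQDN.
            if (c !~ /\./ && c !~ /^@/) {
                print path " unqualified-host:" c; found = 1
            }
        }
        if (length($0) > 256) {
            print path " export-list-too-long"; found = 1
        }
    }
    END { exit found ? 1 : 0 }
    '
}

count_findings() {
    # Number of findings for the constructed sample (expected: 3).
    printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports | wc -l | tr -d ' '
}
```

On a live server, replace the sample with `showmount -e localhost | audit_exports`; a non-zero exit status means at least one export needs attention.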

Windows: NFS is not native to Windows, but may be present. To verify permissions:
1. Open Server Manager. From the Windows NT Start menu, select Programs, Administrative Tools (Common), Server Manager.
2. Select the server.
3. From the Computer menu, select Shared Directories.
4. Set permissions to allow access only to approved users.

Note: The Windows NT fix depends on what NFS server you are running. Refer to your NFS documentation for more information.