| VID |
17008 |
| Severity |
40 |
| Port |
946,948 |
| Protocol |
TCP,UDP |
| Class |
RPC |
| Detailed Description |
The NFS CD command allows access to files that were not exported. Some older mount daemons don't effectively restrict access to mounted file systems. This flaw allows an attacker to cd .. back up the directory tree onto the non exported file system. Finally, the attacker can gain full access to the rest of the server's file system.
* References:
http://www.iss.net/security_center/static/75.php |
| Recommendation |
Contact your vendor for a patch and Apply the appropriate patch for your system |
| Related URL |
CVE-1999-0166 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
