| VID |
17009 |
| Severity |
40 |
| Port |
111 |
| Protocol |
TCP,UDP |
| Class |
RPC |
| Detailed Description |
The Network File System (NFS) appears to be mountable through the portmapper. An NFS server allows NFS clients to mount the file systems that it exports. The hosts permitted to mount are listed in the server's /etc/exports file, and only the hosts in that file are allowed to mount. However, NFS has a vulnerability in which the portmapper can be used to mount exported file systems from hosts that the server does not trust in its /etc/exports file. The portmapper may act as a proxy and forward mount requests from other remote clients to mountd. A request forwarded through the portmapper appears to come from the local host and is therefore permitted to mount. An attacker could mount file systems through the portmapper to gain access to the local file system of a restricted host, bypassing authentication.
* References: http://www.iss.net/security_center/static/80.php http://www.securityfocus.com/bid/422 |
| Recommendation |
Ensure that the following conditions hold in the configuration of /etc/exports on your host:
- Do not self-reference an NFS server in its own exports file.
- Do not allow the exports file to contain a "localhost" entry.
- Export file systems only to hosts that require them.
- Export only to a fully qualified host name.
- Ensure that export lists do not exceed 256 characters.
- Use the showmount utility to check that exports are correct.
--- AND ---
Apply the appropriate portmapper patch for your system that disallows proxy access. Refer to the following sites for patches.
* CERT Advisory CA-91:21.SunOS.NFS.Jumbo.and.fsirand http://www.cert.org/advisories/CA-1991-21.html
* CERT Advisory CA-92:15.Multiple.SunOS.vulnerabilities.patched http://www.cert.org/advisories/CA-1992-15.html
* CERT Advisory CA-93:15.SunOS.and.Solaris.vulnerabilities http://www.cert.org/advisories/CA-1993-15.html
* CERT Advisory CA-94:02.REVISED.SunOS.rpc.mountd.vulnerability http://www.cert.org/advisories/CA-1994-02.html
* CERT Advisory CA-94:15.NFS.Vulnerabilities http://www.cert.org/advisories/CA-1994-15.html |
| Related URL |
CVE-1999-0168 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
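The /etc/exports conditions in the Recommendation can be checked mechanically. The following is an added example, not part of the original entry or of any vendor tool. It assumes Linux exports(5) syntax (`path client(options) ...`), reads the 256-character limit as the length of one export's client list, and uses hypothetical finding labels and a caller-supplied `self_names` set for the server's own names.

```python
import ipaddress

MAX_LIST_CHARS = 256  # limit stated in the recommendation
LOOPBACK = {"localhost", "localhost.localdomain", "127.0.0.1", "::1"}

def logical_lines(text):
    """Yield (line_no, entry): comments stripped, '\\' continuations joined."""
    buf = ""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        if (buf + line).strip():
            yield no, (buf + line).strip()  # numbered by its last physical line
        buf = ""

def is_address(name):
    try:
        ipaddress.ip_network(name, strict=False)  # IP address or subnet
        return True
    except ValueError:
        return False

def audit_exports(text, self_names):
    """Return sorted (line_no, path, finding) tuples for exports(5)-style text."""
    own = {n.lower() for n in self_names}  # names of the NFS server itself
    found = set()
    for no, entry in logical_lines(text):
        path, *clients = entry.split()
        if len(" ".join(clients)) > MAX_LIST_CHARS:
            found.add((no, path, "list-over-256-chars"))
        for client in clients or [""]:
            name = client.split("(", 1)[0].lower()  # drop "(options)"
            if not name:  # no client name: treated here as exported to any host
                found.add((no, path, "any-host"))
            elif name in LOOPBACK:
                found.add((no, path, "localhost-entry"))
            elif name in own:
                found.add((no, path, "self-reference"))
            elif not (is_address(name) or name.startswith("@")):  # "@" = netgroup
                if "." not in name or "*" in name or "?" in name:
                    found.add((no, path, "not-fqdn"))
    return sorted(found)

# Constructed sample input, not taken from a real host.
SAMPLE = ("/export/home   ws1.example.com(rw) localhost(rw)\n"
          "/export/tools  nfs1.example.com(ro) buildbox(ro)\n")
print(audit_exports(SAMPLE, {"nfs1.example.com"}))
```

This audits the exports file only; whether the portmapper still proxies mount requests depends on the patch level and is not tested here.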