| VID |
17050 |
| Severity |
20 |
| Port |
|
| Protocol |
UDP |
| Class |
RPC |
| Detailed Description |
The RPC mountd service allows remote users to determine the existence of files on the host. rpc.mountd is an RPC server that handles NFS file system mount requests. Some Linux and Solaris operating systems allow an attacker to test for the existence of any file on the NFS server, even though the file in question is not part of the NFS exported file system.
* References:
  http://online.securityfocus.com/bid/95
  http://www.iss.net/security_center/static/347.php
Platforms Affected:
o Sun Solaris 2.3
o Sun Solaris 2.4 _x86
o Sun Solaris 2.4
o Sun Solaris 2.5 _x86
o Sun Solaris 2.5
o Sun Solaris 2.5.1 _x86
o Sun Solaris 2.5.1
o Sun Solaris 2.6 _x86
o Sun Solaris 2.6 |
| Recommendation |
On hosts where NFS services are not needed, the RPC statd daemon should be disabled. Administrators of the affected computer should obtain and install the following patches from the Sun Patch Site, http://sunsolve.sun.com/:
o Sun Solaris 2.3: 102654-02
o Sun Solaris 2.4 _x86: 102686-02
o Sun Solaris 2.4: 102685-02
o Sun Solaris 2.5 _x86: 104224-02
o Sun Solaris 2.5: 104223-02
o Sun Solaris 2.5.1 _x86: 104221-03
o Sun Solaris 2.5.1: 104220-03
o Sun Solaris 2.6 _x86: 105616-03
o Sun Solaris 2.6: 105615-03 |
| Related URL |
CVE-1999-1225 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|