| VID | 17059 |
| Severity | 40 |
| Port | 111 |
| Protocol | TCP |
| Class | RPC |
| Detailed Description |
The NFS server allows remote users to create device files through MKNOD. Some older NFS servers allow users to mknod (create) device files on NFS-mounted file systems. This could allow a remote attacker to create a kmem (kernel memory) device, change their access to root, and circumvent system security.
This attack also allows an attacker to map a remote volume to any resource on the target system, including hard drives, microphones, video cameras, and monitors. With this level of access, an attacker effectively controls the system.
* Platforms Affected: NFS Old Versions
* References: http://www.iss.net/security_center/static/78.php, http://www.cert.org/advisories/CA-1994-15.html |
| Recommendation |
Upgrade to the latest version of the NFS server, available from your vendor. Many mountd programs support a -nodev option that turns off the ability to create a device. Contact your vendor or refer to your operating system documentation for more information.
For Sun systems: Apply the NFS jumbo patch (Patch-ID# 100173-13), available from the Sun Microsystems Web site, http://sunsolve.sun.com/ |
| Related URL | CVE-1999-0084 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |