| VID |
17060 |
| Severity |
40 |
| Port |
111 |
| Protocol |
TCP,UDP |
| Class |
RPC |
| Detailed Description |
The NFS server has the flaw not to properly identify UID (User ID).
For security reasons, most NFS implementations map the root user to the nobody user. NFS client uses a 32-bit value as the UID. However, for Unix systems, the UID is a 16-bit value. A non-zero 32-bit UID submitted by an attacker could be treated as a zero 16-bit UID by the Unix operating system. The impact of this issue is that it may allow an attacker to access the system with root-level permissions on NFS servers that do not properly check the UID.
* Platforms Affected:
NFS Old Versions
* References:
http://www.iss.net/security_center/static/82.php
http://online.securityfocus.com/bid/47 |
| Recommendation |
Upgrade to the latest version of the NFS server, available from your vendor. Many mountd programs support a -nodev option that turns off the ability to create a device. Contact your vendor or refer to your operating system documentation for more information.
For Sun systems:
Apply the NFS jumbo patch (Patch-ID# 100173-13), available from the Sun Microsystems Web site, http://sunsolve.sun.com/ |
| Related URL |
CVE-1999-1021 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
