| VID |
17061 |
| Severity |
40 |
| Port |
111 |
| Protocol |
TCP,UDP |
| Class |
RPC |
| Detailed Description |
On some older mount daemons, if the export list of hosts within /etc/exports is over 256 characters long, the daemon will allow anyone to mount your NFS shared directories, regardless of whether they are in the exports list or not. This allows remote attackers to mount the file system of the vulnerable host without authorization.
* Note: This check sees if your export list is over 256 characters long, and attempts to mount those file systems.
* Platforms Affected: NFS Old Versions
References:
* CERT Advisory CA-91:21.SunOS.NFS.Jumbo.and.fsirand: ftp://ftp.cert.org/pub/cert_advisories/CA-91:21.SunOS.NFS.Jumbo.and.fsirand
* CERT Advisory CA-92:15.Multiple.SunOS.vulnerabilities.patched: ftp://ftp.cert.org/pub/cert_advisories/CA-92:15.Multiple.SunOS.vulnerabilities.patched
* CERT Advisory CA-93:15.SunOS.and.Solaris.vulnerabilities: ftp://ftp.cert.org/pub/cert_advisories/CA-93:15.SunOS.and.Solaris.vulnerabilities
* CERT Advisory CA-94:02.REVISED.SunOS.rpc.mountd.vulnerability: ftp://ftp.cert.org/pub/cert_advisories/CA-94:02.REVISED.SunOS.rpc.mountd.vulnerability
* CERT Advisory CA-94:15.NFS.Vulnerabilities: ftp://ftp.cert.org/pub/cert_advisories/CA-94:15.NFS.Vulnerabilities
* http://online.securityfocus.com/bid/24
* http://www.cert.org/advisories/CA-1994-02.html |
| Recommendation |
Upgrade to the latest version of the NFS server, available from your vendor. Contact your vendor or refer to your operating system documentation for more information.
For Sun systems: Apply the NFS patch (Patch-ID# 100296-04), available from the Sun Microsystems Web site, http://sunsolve.sun.com/ |
| Related URL |
CVE-1999-0211 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|