| VID |
17065 |
| Severity |
30 |
| Port |
111 |
| Protocol |
TCP,UDP |
| Class |
RPC |
| Detailed Description |
The NFS exported directory is writable by anyone. It allows an attacker can modify or create any files on the exported directory of the relevant system.
* Platforms Affected:
NFS Any version
* References:
http://www.iss.net/security_center/static/84.php
http://www.cert.org/advisories/CA-1994-15.html
http://www.cerias.purdue.edu/coast/satan-html/tutorials/vulnerability/unrestricted_NFS_export.html |
| Recommendation |
Wherever possible, export the directory as read-only, or reconfigure to only export to trusted hosts. For more information, see the manual pages on your UNIX machine.
* References related to setting up a NFS server:
http://www.ebsinc.com/solaris/network/nfs.html
http://www.redhat.com/mirrors/LDP/HOWTO/NFS-HOWTO/index.html
http://nfs.sourceforge.net/nfs-howto/server.html
http://www.linuxsecurity.com/feature_stories/feature_story-118.html |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
