VID 17066
Severity 40
Port 111
Protocol TCP,UDP
Class RPC
Detailed Description NFS file handles can be guessed, giving unauthorized access to the file system.
A security vulnerability exists in the fsirand program of SunOS NFS, relating to the way in which it allocates file handles. The fsirand program could allow remote users to guess NFS file handles, thereby potentially allowing them to mount and access your NFS file systems. An attacker can guess file handles to bypass mountd security and gain unauthorized access to all files on the NFS volume.

* Platforms Affected:
SunOS Any version

* References:
http://www.iss.net/security_center/static/77.php
http://www.cert.org/advisories/CA-1991-21.html
Recommendation Apply the NFS jumbo patch (Patch-ID# 100173-13), available from the Sun Microsystems Web site at http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access
Related URL CVE-1999-0167 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)