
NFS
The security of NFS relies heavily upon who is allowed to mount the file systems
that a server exports, and whether or not they are exported read-only. To find
out which directories are exported, the Scanner logs every exported directory it
discovers. The Unix command showmount -e hostname shows the exports on a remote
host. If the exported directories look like this:
/usr (everyone)
/export/hosta hosta
/export/hostb hostb
then anyone can mount /usr, and possibly replace files and gain access, while
hosta and hostb appear to be clients of this server. Access to /usr should be
restricted to the hosts that need it rather than left open to everyone. You
should also check hosta and hostb for security vulnerabilities: when either
client is vulnerable, so is the server that trusts it.
Consult the system manual for more information on exports, NFS, or netgroups.
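As an added example, not part of the original Scanner documentation, the following Python script performs the two checks described above offline: it parses captured showmount -e output for exports that any host may mount, and parses a server's /etc/exports (Linux syntax, with ro/rw options) for entries that are world-mountable or read-write. The host names, paths and both file samples are constructed for illustration.

```python
"""Audit NFS export lists for world-mountable and read-write exports.

Added example: parses captured `showmount -e` output and a Linux-style
/etc/exports file. All hosts, paths and file contents below are constructed.
"""
import re

# Constructed `showmount -e nfs-server.example.test` output. The "(everyone)"
# form is what SunOS/BSD servers print for unrestricted exports; Linux prints "*".
SHOWMOUNT_OUTPUT = """\
Export list for nfs-server.example.test:
/usr           (everyone)
/export/hosta  hosta
/export/hostb  hostb
/home          *.example.test,backup.example.test
/srv/pub       *
"""

# Constructed /etc/exports in Linux syntax: path, then client(options) entries.
# A bare "(options)" entry, or no entry at all, means any host may mount.
ETC_EXPORTS = """\
# constructed sample
/usr           (ro)
/export/hosta  hosta(rw)
/export/hostb  hostb(rw)
/srv/pub       *(ro)
/srv/scratch   *(rw)
/home          *.example.test(rw)
"""

WORLD = {"(everyone)", "*"}                             # client specs meaning "any host"
ENTRY_RE = re.compile(r"^([^(\s]*)(?:\(([^)]*)\))?$")   # host(options)


def parse_showmount(text):
    """Return [(path, [clients])] from showmount -e output, skipping the header."""
    exports = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Export list"):
            continue
        fields = line.split()
        # Linux prints several clients comma-separated in one field.
        clients = [c for field in fields[1:] for c in field.split(",") if c]
        exports.append((fields[0], clients))
    return exports


def world_mountable(text):
    """Paths from showmount output that any host on the network may mount."""
    return [path for path, clients in parse_showmount(text)
            if any(c in WORLD for c in clients)]


def parse_exports(text):
    """Yield (path, host, options) for every client entry in /etc/exports."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        path, entries = fields[0], fields[1:] or ["*"]   # no client list = everyone
        for entry in entries:
            m = ENTRY_RE.match(entry)
            if not m:                            # malformed entry: skip it
                continue
            host = m.group(1) or "*"             # "(ro)" with no host = everyone
            options = {o.strip() for o in (m.group(2) or "").split(",") if o.strip()}
            yield path, host, options


def audit_exports(text):
    """Return {path: flags}; flags are 'world-mountable' and/or 'read-write'.

    Only 'rw' counts as writable: Linux exports default to read-only.
    A wildcard domain such as *.example.test is restricted, not world.
    """
    findings = {}
    for path, host, options in parse_exports(text):
        flags = set()
        if host == "*":
            flags.add("world-mountable")
        if "rw" in options:
            flags.add("read-write")
        if flags:
            findings.setdefault(path, set()).update(flags)
    return findings


if __name__ == "__main__":
    print("World-mountable (showmount):", world_mountable(SHOWMOUNT_OUTPUT))
    for path, flags in sorted(audit_exports(ETC_EXPORTS).items()):
        print(f"{path:15} {', '.join(sorted(flags))}")
```

Feed it the real showmount -e output of a server under review (or the server's own /etc/exports) and treat every "world-mountable" finding the way the text treats /usr above: restrict the client list to the hosts that need the export, and make it read-only unless writes are required.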
Risk: Low
OS Vulnerable: Any running NFS
Fix: Disable NFS, or reconfigure. See