
NFS Portmapper Export
An intruder can mount the system through the portmapper, gaining access to a
restricted host. To the portmapper, it seems as if the local host is mounting,
and the local host is permitted to mount itself. This probe attempts to mount
via the portmapper and performs the same tests as
Risk: High
Fix: Do all of the following: Check the configuration of /etc/exports on your host.
Do not self-reference an NFS server in its own exports file. Do not allow the
exports file to contain a \localhost\ entry. Export file systems only to hosts
that require them. Export only to a fully qualified host name. Ensure that
export lists do not exceed 256 characters. Use the showmount utility to check that
exports are correct. Wherever possible, mount file systems to be exported as
read-only and export file systems as read-only.
Advisories:
SunOS Patch ID: 100173-12. Solaris Patch ID: 102034-XX at