
NFS Export
Through NFS, an intruder can gain access to files in the export directory.
Some administrators purposefully export directories so that everyone can
gain access to the data. This check attempts to mount the exports. If the
attempt is successful, the process continues by trying to test for the UID, Mknod,
and cd Bug. The scanner option searches for a writeable directory and reports
if it finds any of these files:
.rhosts
.cshrc
.login
.profile
.netrc
Risk: High
Note: The risk level should be determined by the type of data exported. If it is a
read/writeable home directory, it is high risk. If the exported directory is
/cdrom, it is probably low risk.
Fix: Do all of the following:
- Check the configuration of the /etc/exports file on your host.
- Export file systems only to hosts that require them.
- Export only to fully qualified host names.
- Ensure that export lists do not exceed 256 characters.
- Use the showmount utility to check that exports are correct.
- Where possible, mount file systems to be exported read-only and export file
  systems read-only.
Advisories:
SunOS Patches:
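As an added example (not part of this scanner's documentation), the POSIX shell function below audits /etc/exports content for the conditions the Fix lists: exports to everyone, host names that are not fully qualified, read/write exports, root squashing disabled, and lines over 256 characters. It assumes the Linux exportfs syntax `<dir> host(opts) ...` (SunOS share syntax differs), and the sample file content is constructed.

```sh
#!/bin/sh
# Added example: audit /etc/exports (Linux exportfs syntax, "<dir> host(opts) ...")
# for the weaknesses described above. Constructed sample, not a real host's file.
set -f   # disable globbing so an export to "*" is not expanded against the cwd

SAMPLE_EXPORTS='/export/home *(rw,sync)
/export/home2 workstation(rw)
/cdrom *(ro)
/data 192.168.1.0/24(ro,sync) nfsclient.example.com(rw,no_root_squash)
'

# audit_exports: read exports text on stdin, print one finding per line as
# "<dir><TAB><issue>". No output means nothing was flagged.
audit_exports() {
    while IFS= read -r line; do
        case "$line" in ''|\#*) continue ;; esac      # skip blanks and comments
        dir=${line%% *}
        if [ "${#line}" -gt 256 ]; then
            printf '%s\tline exceeds 256 characters\n' "$dir"
        fi
        set -- $line
        shift
        [ $# -eq 0 ] && printf '%s\texported to everyone (no host list)\n' "$dir"
        for entry in "$@"; do
            host=${entry%%\(*}
            opts=${entry#*\(}
            if [ "$opts" = "$entry" ]; then opts=""; else opts=${opts%\)}; fi
            case "$host" in
                ''|'*') printf '%s\texported to everyone (%s)\n' "$dir" "${host:-no host}" ;;
                *.*)   : ;;                          # FQDN or IP address/network
                *)     printf '%s\thost %s is not fully qualified\n' "$dir" "$host" ;;
            esac
            case ",$opts," in
                *,rw,*) printf '%s\tread/write export to %s\n' "$dir" "${host:-everyone}" ;;
            esac
            case ",$opts," in
                *,no_root_squash,*) printf '%s\troot squashing disabled for %s\n' "$dir" "$host" ;;
            esac
        done
    done
}

printf '%s' "$SAMPLE_EXPORTS" | audit_exports
```

Run it against a real host with `audit_exports < /etc/exports`; compare the result with `showmount -e` on the server, as the Fix recommends.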