NFS Export

Through NFS, an intruder can gain access to files in the export directory. Some administrators deliberately export directories so that everyone can access the data. This feature attempts to mount the exports. If the attempt is successful, the process continues by testing for the UID, Mknod, and cd Bug. The scanner option searches for a writeable directory and reports if it finds these files:

- .rhosts
- .cshrc
- .login
- .profile
- .netrc

These files typically indicate an account's home directory. An intruder can modify the files to obtain access to the machine.

Risk: High

Note: The risk level should be determined by the type of data exported. If it is a read/writeable home directory, it is high risk. If the exported directory is /cdrom, it is probably low risk.

Fix: Do all of the following:

- Check the configuration of the /etc/exports file on your host.
- Export file systems only to hosts that require them.
- Export only to fully qualified host names.
- Ensure that export lists do not exceed 256 characters.
- Use the showmount utility to check that exports are correct.

Where possible, mount file systems to be exported read-only and export file systems read-only.
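
One way to check an exports file against the points in the Fix list, as an added example that is not part of the original scanner documentation. It assumes the Linux exports(5) `path host(options)` syntax; the function name, finding strings and sample file are constructed for illustration.

```python
import re

MAX_EXPORT_LINE = 256  # limit named in the Fix list
WORLD = "wildcard or missing client list: not limited to hosts that require it"
NOT_FQDN = "not a fully qualified host name"
READ_WRITE = "read-write: export read-only where possible"
TOO_LONG = "export list longer than 256 characters"

# Constructed sample, not taken from a real host.
SAMPLE = """\
/home        *(rw)        # home directories, writable by anyone
/export/src  build01(ro)
/cdrom       client.example.com(ro)
/data
"""

def audit_exports(text):
    """Return (path, client, finding) tuples for exports(5)-style text."""
    findings = []
    # exports(5) lets a trailing backslash continue a line; join those first.
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        path, *clients = line.split()
        if len(line) > MAX_EXPORT_LINE:
            findings.append((path, "", TOO_LONG))
        for entry in clients or ["*"]:  # no client list means everyone
            m = re.fullmatch(r"([^()]*)(?:\(([^()]*)\))?", entry)
            if m is None:
                findings.append((path, entry, "unparseable client entry"))
                continue
            host = m.group(1) or "*"  # "(rw)" with no host also means everyone
            opts = (m.group(2) or "").split(",")
            if "*" in host or "?" in host:
                findings.append((path, host, WORLD))
            elif not (host.startswith("@") or "." in host or ":" in host):
                # Netgroups (@name) and IP addresses are left alone.
                findings.append((path, host, NOT_FQDN))
            if "rw" in opts:
                findings.append((path, host, READ_WRITE))
    return findings

if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE):
        print(f"{path:12} {client:10} {finding}")
```

Compare the result with what `showmount -e` reports for the host, since the file and the running export table can differ.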

Advisories: CA-91:21.SunOS.NFS.Jumbo.and.fsirand, CA-93:15.SunOS.and.Solaris.vulnerabilities, CA-94:02.REVISED.SunOS.rpc.mountd.vulnerability, CA-94:15.NFS.Vulnerabilities

SunOS Patches: Sun Patches