Unrestricted NFS Export
Summary
File systems exported via NFS to arbitrary hosts.
Impact
Unauthorized remote access to system and/or user files.
The problem
When a file system is exported without restriction, an intruder can remotely compromise user or system files, and then take over the machine. Examples:
- An intruder can remotely replace a system program or configuration file.
UNIX-specific examples:
- An intruder can remotely install a .rhosts file to obtain interactive access.
- An intruder can remotely install a .forward file to obtain non-interactive access.
Fix
- Make sure all file exports specify an explicit list of clients or netgroups.
- Export file systems read-only where possible.
Other tips
- Some versions of the NFS mount daemon cannot expand large netgroups and will export to the world anyway; see also Cert advisory CA-94:02. Check your vendor patch list.
- In NIS netgroup members, empty host fields are treated as wildcards and cause the mount daemon to grant access to any host.
- Consider blocking ports 2049 (nfs) and 111 (portmap) on your routers.
- See the Admin Guide to Cracking for an example of why this is a problem.
CVE Reference(s):