|
|
Info |
Last Modified |
| 4 months ago |
|
|
|
|
Description |
Multiple Vendors ship with the ability to use the Network File System (NFS) for sharing drives between computers. By default, many of these implementations have little or no security that protects the contents of the shared drives. Due to administrative oversight, drives are also frequently shared without care or thought as to the amount of information available. Rather than sharing a single directory, the entire drive (including sensitive system files) may become available to remote users. In other cases, drives are shared with insecure permissions allowing anyone to mount them, read the files, as well as write or delete files.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Information Disclosure,
Misconfiguration
Impact:
Loss of Confidentiality,
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
OSVDB:
Best Practice
|
|
Solution |
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Maintain a good security policy for NFS exported drives. Use as many technical controls as possible to restrict access to the drives, and/or require some form of authentication.
|
|
Products |
|
All Operating Systems
 |
All Versions |
|
|
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
