I need to fix the following Nessus vulnerability (odd punctuation sic) -
Quote:
|
Synopsis :;;It is possible to access the remote NFS shares without having root privileges.;;Description :;;Some of the NFS shares exported by the remote server could be;mounted by the scanning host. An attacker may exploit this problem;to gain read (and possibly write) access to files on remote host.;;Note that root privileges were not required to mount the remote shares. That is,;the source port to mount the shares was bigger than 1024.;;Solution :;;Configure NFS on the remote host so that only authorized hosts can mount;the remote shares.;;The remote NFS server should prevent mount requests originating from a non-privileged port.;;Risk factor :;;High / CVSS Base Score : 7.5;(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P);;Plugin output :;;The following NFS shares could be mounted without root privileges: [etc]
|
I have a
Code:
SunOS av1 5.10 Generic_141414-02 sun4u sparc SUNW,Sun-Fire-V445
.
My Googling has revealed the "nfs_portmon" option, so at the end of /etc/system I have
Code:
set nfssrv:nfs_portmon = 1
and the server has been rebooted, and it's taken effect:
Code:
$ sudo adb -k
physmem fb35d
nfs_portmon /D
nfs_portmon:
nfs_portmon: 1
yet mountd is still not on a reserved port:
Code:
$ rpcinfo -p | grep mountd
100005 1 udp 32797 mountd
100005 1 tcp 32783 mountd
100005 2 udp 32797 mountd
100005 2 tcp 32783 mountd
100005 3 udp 32797 mountd
100005 3 tcp 32783 mountd
and subsequent scans still return the same thing.
Where am I going wrong?
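The Nessus text quoted in the post ties the finding to the client's source port ("the source port to mount the shares was bigger than 1024"), while `rpcinfo -p` lists the port mountd listens on. As an added example (not part of the original post), this Python code retests the finding without the scanner by sending a MOUNT v3 MNT request over UDP from a chosen source port and classifying the server's answer; the transaction id, the AUTH_SYS credential values and the sample replies are constructed, and the host, port and export path passed to `retest` are the caller's own.

```python
import socket
import struct

MOUNT_PROG, MOUNT_V3, MOUNTPROC3_MNT = 100005, 3, 1  # RFC 1813 MOUNT protocol
AUTH_NONE, AUTH_SYS = 0, 1                           # RFC 5531 auth flavors
XID = 0x52455431                                     # arbitrary transaction id

def xdr_opaque(data: bytes) -> bytes:
    """XDR opaque/string: 4-byte length, the bytes, zero padding to 4."""
    return struct.pack(">I", len(data)) + data + b"\0" * (-len(data) % 4)

def build_mnt_call(xid: int, dirpath: str) -> bytes:
    """RPC CALL for MOUNT v3 MNT carrying a constructed non-root AUTH_SYS cred."""
    cred = (struct.pack(">I", 0) + xdr_opaque(b"retest")  # stamp, machine name
            + struct.pack(">III", 65534, 65534, 0))       # uid, gid, 0 aux gids
    head = struct.pack(">6I", xid, 0, 2, MOUNT_PROG, MOUNT_V3, MOUNTPROC3_MNT)
    return (head + struct.pack(">I", AUTH_SYS) + xdr_opaque(cred)
            + struct.pack(">II", AUTH_NONE, 0) + xdr_opaque(dirpath.encode()))

def parse_mnt_reply(xid: int, reply: bytes) -> str:
    """Classify a reply; the returned file handle is deliberately not read."""
    try:
        rxid, mtype, reply_stat = struct.unpack_from(">3I", reply, 0)
        if rxid != xid or mtype != 1:
            return "not a reply to this call"
        if reply_stat != 0:                       # MSG_DENIED
            return "refused at RPC layer"
        verf_len = struct.unpack_from(">I", reply, 16)[0]
        off = 20 + verf_len + (-verf_len % 4)     # skip the verifier body
        accept_stat = struct.unpack_from(">I", reply, off)[0]
        if accept_stat != 0:
            return f"RPC error (accept_stat={accept_stat})"
        mountstat = struct.unpack_from(">I", reply, off + 4)[0]
    except struct.error:
        return "malformed reply"
    return "mount granted" if mountstat == 0 else f"mount refused (mountstat3={mountstat})"

def retest(host: str, mountd_udp_port: int, dirpath: str, source_port: int) -> str:
    """Send MNT from source_port (>= 1024 needs no root); socket.timeout if silent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(3.0)
        s.bind(("", source_port))
        s.sendto(build_mnt_call(XID, dirpath), (host, mountd_udp_port))
        return parse_mnt_reply(XID, s.recvfrom(8192)[0])

SAMPLE_GRANTED = struct.pack(">7I", XID, 1, 0, AUTH_NONE, 0, 0, 0)   # constructed: MNT3_OK
SAMPLE_REFUSED = struct.pack(">7I", XID, 1, 0, AUTH_NONE, 0, 0, 13)  # constructed: MNT3ERR_ACCES
if __name__ == "__main__":
    print([parse_mnt_reply(XID, r) for r in (SAMPLE_GRANTED, SAMPLE_REFUSED)])
```

Against the server in the post, the UDP port argument would be the mountd port that `rpcinfo -p` reports (32797); a result of "mount granted" from a source port above 1024 means the finding is still open.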