LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > Solaris / OpenSolaris
User Name
Password
Solaris / OpenSolaris This forum is for the discussion of Solaris and OpenSolaris.
General Sun, SunOS and Sparc related questions also go here.

Notices



Reply
 
Search this Thread
Old 12-03-2009, 10:41 AM   #1
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,653

Rep: Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536
Solaris 10 "NFS Share User Mountable" Nessus vulnerability


I need to fix the following Nessus vulnerability (odd punctuation sic) -

Quote:
Synopsis :;;It is possible to access the remote NFS shares without having root privileges.;;Description :;;Some of the NFS shares exported by the remote server could be;mounted by the scanning host. An attacker may exploit this problem;to gain read (and possibly write) access to files on remote host.;;Note that root privileges were not required to mount the remote shares. That is,;the source port to mount the shares was bigger than 1024.;;Solution :;;Configure NFS on the remote host so that only authorized hosts can mount;the remote shares.;;The remote NFS server should prevent mount requests originating from a non-privileged port.;;Risk factor :;;High / CVSS Base Score : 7.5;(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P);;Plugin output :;;The following NFS shares could be mounted without root privileges: [etc]
I have a
Code:
SunOS av1 5.10 Generic_141414-02 sun4u sparc SUNW,Sun-Fire-V445
.

My Googling has revealed the "nfs_portmon" option, so at the end of /etc/system I have
Code:
set nfssrv:nfs_portmon = 1
and the server has been rebooted, and it's taken effect:
Code:
$ sudo adb -k
physmem fb35d
nfs_portmon /D
nfs_portmon:
nfs_portmon:    1
yet mountd is still not on a reserved port:
Code:
$ rpcinfo -p | grep mountd
    100005    1   udp  32797  mountd
    100005    1   tcp  32783  mountd
    100005    2   udp  32797  mountd
    100005    2   tcp  32783  mountd
    100005    3   udp  32797  mountd
    100005    3   tcp  32783  mountd
and subsequent scans still return the same thing.

Where am I going wrong?
 
Old 12-04-2009, 03:15 AM   #2
scoban
Member
 
Registered: Nov 2004
Location: Turkey
Distribution: Slackware
Posts: 145

Rep: Reputation: 16
You have to modify share options by giving necessary permissions to necessary hosts. For example to give rw access to 192.168.1.1 host:

Code:
 share -F nfs -o rw=192.168.1.1 /export/home/scoban
I do not know if it gives any advantages starting the mount daemon with <1024 ports...
 
Old 12-09-2009, 10:13 AM   #3
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,653

Original Poster
Rep: Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536Reputation: 536
Not sure restricting to certain clients is an option, as this Very Important Server's NFS exports are mounted by employees worldwide.

Anyway, this post seems to indicate that I can't do this in Solaris 10 either, but I don't know where to find the RFE to check. I searched Google and Sunsolve (after logging in, and yep we have a support contract) but couldn't find it.
 
Old 12-09-2009, 08:00 PM   #4
jlliagre
Moderator
 
Registered: Feb 2004
Location: Outside Paris
Distribution: Solaris10, Solaris 11, Mint, OL
Posts: 9,523

Rep: Reputation: 365Reputation: 365Reputation: 365Reputation: 365
After trying to understand the poorly worded problem description, it seems to me the risk factor is not that much due to using a reserved port or not but more to sharing a file system to anyone. Implementing the "-p port" option wouldn't really solve that issue as I suspect you haven't any way to prevent a user to be root on its own machine worldwide.
If you want a strong security model with NFS, you might want to force NFSv4 (NFS_SERVER_VERSMIN=4 in /etc/default/nfs).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Error while trying to mount NFS share: "Invalid argument" TheEvilHammer Linux - Software 2 11-12-2009 02:35 AM
OpenSSL DSA / ECDSA "EVP_VerifyFinal()" Spoofing Vulnerability win32sux Linux - Security 1 01-10-2009 05:56 PM
LXer: "Linux more secure than Windows", Microsoft vulnerability report suggests LXer Syndicated Linux News 0 08-21-2007 02:30 PM
usb-hdd: "p1 exceeds device capacity"-> not mountable oskar Linux - Hardware 5 07-27-2007 09:41 PM


All times are GMT -5. The time now is 02:34 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration