Latest LQ Deal: Latest LQ Deals
Go Back > Forums > Other *NIX Forums > Solaris / OpenSolaris
User Name
Solaris / OpenSolaris This forum is for the discussion of Solaris, OpenSolaris, OpenIndiana, and illumos.
General Sun, SunOS and Sparc related questions also go here. Any Solaris fork or distribution is welcome.


  Search this Thread
Old 12-03-2009, 09:41 AM   #1
Senior Member
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615
Solaris 10 "NFS Share User Mountable" Nessus vulnerability

I need to fix the following Nessus vulnerability (odd punctuation sic) -

Synopsis :;;It is possible to access the remote NFS shares without having root privileges.;;Description :;;Some of the NFS shares exported by the remote server could be;mounted by the scanning host. An attacker may exploit this problem;to gain read (and possibly write) access to files on remote host.;;Note that root privileges were not required to mount the remote shares. That is,;the source port to mount the shares was bigger than 1024.;;Solution :;;Configure NFS on the remote host so that only authorized hosts can mount;the remote shares.;;The remote NFS server should prevent mount requests originating from a non-privileged port.;;Risk factor :;;High / CVSS Base Score : 7.5;(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P);;Plugin output :;;The following NFS shares could be mounted without root privileges: [etc]
I have a
SunOS av1 5.10 Generic_141414-02 sun4u sparc SUNW,Sun-Fire-V445

My Googling has revealed the "nfs_portmon" option, so at the end of /etc/system I have
set nfssrv:nfs_portmon = 1
and the server has been rebooted, and it's taken effect:
$ sudo adb -k
physmem fb35d
nfs_portmon /D
nfs_portmon:    1
yet mountd is still not on a reserved port:
$ rpcinfo -p | grep mountd
    100005    1   udp  32797  mountd
    100005    1   tcp  32783  mountd
    100005    2   udp  32797  mountd
    100005    2   tcp  32783  mountd
    100005    3   udp  32797  mountd
    100005    3   tcp  32783  mountd
and subsequent scans still return the same thing.

Where am I going wrong?
Old 12-04-2009, 02:15 AM   #2
Registered: Nov 2004
Location: Turkey
Distribution: Slackware
Posts: 145

Rep: Reputation: 16
You have to modify share options by giving necessary permissions to necessary hosts. For example to give rw access to host:

 share -F nfs -o rw= /export/home/scoban
I do not know if it gives any advantages starting the mount daemon with <1024 ports...
Old 12-09-2009, 09:13 AM   #3
Senior Member
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Original Poster
Rep: Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615
Not sure restricting to certain clients is an option, as this Very Important Server's NFS exports are mounted by employees worldwide.

Anyway, this post seems to indicate that I can't do this in Solaris 10 either, but I don't know where to find the RFE to check. I searched Google and Sunsolve (after logging in, and yep we have a support contract) but couldn't find it.
Old 12-09-2009, 07:00 PM   #4
Registered: Feb 2004
Location: Outside Paris
Distribution: Solaris 11.4, Oracle Linux, Mint, Ubuntu/WSL
Posts: 9,784

Rep: Reputation: 492Reputation: 492Reputation: 492Reputation: 492Reputation: 492
After trying to understand the poorly worded problem description, it seems to me the risk factor is not that much due to using a reserved port or not but more to sharing a file system to anyone. Implementing the "-p port" option wouldn't really solve that issue as I suspect you haven't any way to prevent a user to be root on its own machine worldwide.
If you want a strong security model with NFS, you might want to force NFSv4 (NFS_SERVER_VERSMIN=4 in /etc/default/nfs).


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Error while trying to mount NFS share: "Invalid argument" TheEvilHammer Linux - Software 2 11-12-2009 01:35 AM
OpenSSL DSA / ECDSA "EVP_VerifyFinal()" Spoofing Vulnerability win32sux Linux - Security 1 01-10-2009 04:56 PM
LXer: "Linux more secure than Windows", Microsoft vulnerability report suggests LXer Syndicated Linux News 0 08-21-2007 01:30 PM
usb-hdd: "p1 exceeds device capacity"-> not mountable oskar Linux - Hardware 5 07-27-2007 08:41 PM > Forums > Other *NIX Forums > Solaris / OpenSolaris

All times are GMT -5. The time now is 10:40 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration