Multiple Vendor NFS CD Command Arbitrary File/Directory Access

This script is Copyright (C) 2003-2014 Tenable Network Security, Inc.


Synopsis :

The remote service is vulnerable to information disclosure.

Description :

The remote NFS server allows users to use a 'cd ..' command
to access other directories besides the NFS file system.

An attacker may use this flaw to read every file on this host.

Solution :

Create a dedicated partition for your NFS exports, and contact your
vendor for a patch.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: RPC

Nessus Plugin ID: 11357 ()

Bugtraq ID:

CVE ID: CVE-1999-0166