Multiple Vendor NFS CD Command Arbitrary File/Directory Access

medium Nessus Plugin ID 11357

Synopsis

The remote service is vulnerable to information disclosure.

Description

The remote NFS server allows users to use a 'cd ..' command to access other directories besides the NFS file system.

An attacker may use this flaw to read every file on this host.

Solution

Create a dedicated partition for your NFS exports, and contact your vendor for a patch.

Plugin Details

Severity: Medium

ID: 11357

File Name: nfs_dotdot.nasl

Version: 1.22

Type: remote

Family: RPC

Published: 3/12/2003

Updated: 8/13/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: rpc/portmap

Vulnerability Publication Date: 1/1/1991

Reference Information

CVE: CVE-1999-0166