HighCheck or Attack Name: nfsmknod
The NFS MKNOD vulnerability has been detected as running. Found on some older NFS servers, this vulnerability allows normal users to create special devices that could require root access. When non-administrative users can do this, then an attacker could create a kmem (kernel memory) device and change access to root and circumvent system security.
Warning: Vulnerable machines running the Pyramid operating environment will create an illegal device in the \dev directory, causing the kernel to panic when it accesses the device. Do not run NFS mknod on networks that include Pyramid systems.
Obtain the latest version of the NFS server from your vendor. Many mountd programs support a -nodev option that turns off the ability to create a device. For more information, see your OS documentation.
For specific patch IDs, see the CERT Advisories listed in the References. Sun users apply Patch ID# 100173-13 at http://sunsolve.sun.com/sunsolve/pubpatches/patches.html.
CERT Advisory CA-91.21, SunOS NFS Jumbo and fsirand Patches, http://www.cert.org/advisories/CA-91.21.SunOS.NFS.Jumbo.and.fsirand.html
CERT Advisory CA-94.15, NFS Vulnerabilities, http://www.cert.org/advisories/CA-94.15.NFS.Vulnerabilities.html
CERT Advisory CA-92.15, Multiple SunOS Vulnerabilities Patched, http://www.cert.org/advisories/CA-92.15.Multiple.SunOS.vulnerabilities.patched.html
CERT Advisory CA-93.15, /usr/lib/sendmail, /bin/tar, and /dev/audio Vulnerabilities, http://www.cert.org/advisories/CA-93.15.SunOS.and.Solaris.vulnerabilities.html
CERT Advisory CA-94.02, Revised Patch for SunOS /usr/etc/rpc.mountd Vulnerability, http://www.cert.org/advisories/CA-94.02.REVISED.SunOS.rpc.mountd.vulnerability.html
CERT Advisory CA-91.21, SunOS NFS Jumbo and fsirand Patches, ftp://info.cert.org/pub/cert_advisories/CA-91:21.SunOS.NFS.Jumbo.and.fsirand
CERT Advisory CA-92.15, Multiple SunOS Vulnerabilities Patched, ftp://info.cert.org/pub/cert_advisories/CA-92:15.Multiple.SunOS.vulnerabilities.patched
CERT Advisory CA-93.15, /usr/lib/sendmail, /bin/tar, and /dev/audio Vulnerabilities, ftp://info.cert.org/pub/cert_advisories/CA-93:15.SunOS.and.Solaris.vulnerabilities
CERT Advisory CA-94.02, Revised Patch for SunOS /usr/etc/rpc.mountd Vulnerability, ftp://info.cert.org/pub/cert_advisories/CA-94:02.REVISED.SunOS.rpc.mountd.vulnerability
CERT Advisory CA-94.15, NFS Vulnerabilities, ftp://info.cert.org/pub/cert_advisories/CA-94:15.NFS.Vulnerabilities
