NFS portmapper export

| Risk Level | Check or Attack Name | Platforms |
|---|---|---|
| High | nfspmap | NFS |
Description: NFS was found to be mountable via portmapper. An attacker can mount the system through the portmapper, gaining access to a restricted host. To the portmapper, it seems as if the local host is mounting, since the local host is permitted to mount itself.

Remedy: Check the configuration of /etc/exports on your host. Wherever possible, mount file systems to be exported as read-only and export file systems as read-only. For specific patch IDs, see the CERT Advisories listed in the References.
References:

- SunSolve Online Public Patch Access, Patch IDs 100173-13 "SunOS 4.1.3: NFS Jumbo Patch (191274 bytes)" and 102034-05 "SunOS 5.3: usr/sbin/rpcbind patch (106355 bytes)", http://sunsolve.sun.com/sunsolve/pubpatches/patches.html
- CERT Advisory CA-93.15, /usr/lib/sendmail, /bin/tar, and /dev/audio Vulnerabilities, http://www.cert.org/ftp/cert_advisories/CA-93:15.SunOS.and.Solaris.vulnerabilities
- CERT Advisory CA-94.02, Revised Patch for SunOS /usr/etc/rpc.mountd Vulnerability, http://www.cert.org/ftp/cert_advisories/CA-94:02.REVISED.SunOS.rpc.mountd.vulnerability
- CERT Advisory CA-94.15, NFS Vulnerabilities, http://www.cert.org/ftp/cert_advisories/CA-94:15.NFS.Vulnerabilities
- CERT Advisory CA-92.15, Multiple SunOS Vulnerabilities Patched, http://www.cert.org/ftp/cert_advisories/CA-92:15.Multiple.SunOS.vulnerabilities.patched
- CERT Advisory CA-91.21, SunOS NFS Jumbo and fsirand Patches, http://www.cert.org/ftp/cert_advisories/CA-91:21.SunOS.NFS.Jumbo.and.fsirand
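
An added example, not part of the original advisory, of the /etc/exports check the Remedy calls for: it flags exports that are not read-only, that have no access list, or whose access list names the exporting host itself (the condition the Description relies on). It assumes SunOS 4.x-style exports syntax (`directory -option,option`, host lists separated by `:`); `LOCAL_NAMES`, the sample file and the function names are hypothetical.

```python
# Added example: audit an /etc/exports file written in SunOS 4.x-style syntax
# (assumed). Netgroup names in access lists are not expanded; only literal
# host names are compared against LOCAL_NAMES.
LOCAL_NAMES = {"localhost", "fileserver"}  # assumed names of the exporting host

# Constructed sample input, not taken from a real host.
SAMPLE_EXPORTS = """\
# directory  options
/usr        -ro,access=clienta:clientb
/home       -access=clienta:fileserver
/export/pub
/var/spool  -rw=clienta,access=clienta:clientb
"""

def parse_line(line):
    """Return (path, options) for one exports line, or None if blank/comment."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    fields = line.split()
    path, opts = fields[0], {}
    for field in fields[1:]:
        for opt in field.lstrip("-").split(","):
            if not opt:
                continue
            key, _, value = opt.partition("=")
            opts[key] = value.split(":") if value else []
    return path, opts

def audit(text, local_names=LOCAL_NAMES):
    """Return a list of (path, finding) tuples for risky export entries."""
    findings = []
    for raw in text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        path, opts = parsed
        if "ro" not in opts:            # default export, or rw=hosts, is writable
            findings.append((path, "not-read-only"))
        if "access" not in opts:        # no access list: any host may mount
            findings.append((path, "no-access-list"))
        elif set(opts["access"]) & set(local_names):
            findings.append((path, "local-host-in-access-list"))
    return findings

if __name__ == "__main__":
    for path, finding in audit(SAMPLE_EXPORTS):
        print(f"{path}: {finding}")
```
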