Computer Security Global Security Mag Online anti virus spywares job oofers telecom and network security
- english:
- Product Reviews:
- Business News:
- MAGIC QUADRANT :
- Market News:
- WHITE PAPER:
- Special Reports:
- Interviews:
- Opinion:
- EVENTS:
- Security Vulnerability:
- Malware Update:
- Diary:
- Guide & Podcast:
- Jobs:
- International News:
- CONTACTS:
- TRAINING :
Global Security Magazine Online antivirus
Product Reviews
Business News
MAGIC QUADRANT 
Market News
Special Reports
Opinion
EVENTS
Security Vulnerability
Malware Update
Diary
Guide & Podcast
Jobs
International News
CONTACTS
Flux RSS
| Vigil@nce: Solaris, bypassing nfs_portmon |
| July 2009 by Vigil@nce |
| A NFSv4 client can bypass the nfs_portmon directive in order to connect to the server. |
| Severity: 1/4 Consequences: data reading Provenance: intranet client Means of attack: no proof of concept, no attack Ability of attacker: expert (4/4) Confidence: confirmed by the editor (5/5) Diffusion of the vulnerable configuration: high (3/3) Creation date: 02/07/2009 IMPACTED PRODUCTS
DESCRIPTION OF THE VULNERABILITY The nfs_portmon configuration directive of the Solaris kernel requires NFS clients, which connect to the local server, to use a privileged source port number (between 512 and 1023). This directive improves the security level (requires the client to be root), but it is no sufficient in a free environment. The checkauth() function of the usr/src/uts/common/fs/nfs/nfs_server.c file checks NFS authentication, and honours nfs_portmon. However, the checkauth4() function, specific to NFSv4 and derived from checkauth(), does not contain the code checking nfs_portmon. A NFSv4 client can therefore connect to the NFS server of Solaris with a source port number superior to 1024. CHARACTERISTICS Identifiers: 262668, BID-35546, VIGILANCE-VUL-8836 http://vigilance.fr/vulnerability/Solaris-bypassing-nfs-portmon-8836 |
< previous next > |
OpenSolaris
