nfswrite

Vulnerability Description

Brief description: Exporting an NFS volume makes it writeable

Full description: Unless access is restricted to specific systems, an NFS file system is available to any host. Unless it is marked read-only, it is writeable by any user except root .

Components: NFS

Systems: Any system running a version of NFS

Effect(s) of exploiting: Attacker can alter or create files on the file system.

Detecting the hole:

1. If you have login access to the system:
   1. Check the NFS exports file (usually /etc/exports or /etc/dfs/dfsshare ) to see if the exported volumes have access control (option -access=host1,...) and/or read only (option -ro).
2. If you do not have login access to the system:
   1. Run showmount -e host with host being the name of the target host.

Fixing the hole:

1. You must have root access.
   1. In the NFS exports file, add the option -ro to make the export read only.

Other information:

Keywords

NFS access control

Cataloguing

PA Classification(s):

RISOS Classification(s):

DCS Classification(s):

Exploit Information

Attack: Mount the file system and create a file.

Related Information

Advisories:

Related Vulnerabilities:

Reportage

Reporting: in ( )

Revision Number 1

1. Matt Bishop (6/29/2000):
   Initial entry