NFS Share User Mountable

high Nessus Plugin ID 15984

Synopsis

Nessus was able to access sensitive information from remote NFS shares without having root privileges.

Description

Nessus was either able to mount some of the NFS shares exported by the remote server or disclose potentially sensitive information such as a directory listing. An attacker may exploit this issue to gain read and possibly write access to files on remote host.

Note that root privileges were not required to mount the remote shares since the source port to mount the shares was higher than 1024.

Solution

Configure NFS on the remote host so that only authorized hosts can mount the remote shares. The remote NFS server should prevent mount requests originating from a non-privileged port.

Plugin Details

Severity: High

ID: 15984

File Name: nfs_user_mount.nasl

Version: 1.14

Type: remote

Family: RPC

Published: 12/16/2004

Updated: 8/1/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vulnerability Information

Required KB Items: rpc/portmap, nfs/exportlist

Excluded KB Items: nfs/noshares