Unrestricted NFS export
File systems exported via NFS to arbitrary hosts.
Unauthorized remote access to system and/or user files.
When a file system is exported without restriction, an intruder can
remotely compromise user or system files, and then take over the
- An intruder can remotely replace a system program or configuration
- An intruder can remotely install a .rhosts file to obtain interactive access.
- An intruder can remotely install a .forward file to obtain non-interactive access.
- Make sure all file exports specify an explicit list of clients or
- Export file systems read-only where possible.
- Some versions of the NFS mount daemon cannot expand large netgroups and will export to the world anyway; see also CERT advisory CA-94:02. Check your vendor patch list.
- In NIS netgroup members, empty host fields are treated as wildcards and cause the mount daemon to grant access to any host.
- Consider blocking ports 2049 (nfs) and 111 (portmap) on your
- See the Guide to Cracking for an example of why this is a problem.
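As an added example (not part of the original page), the following Python script checks for the two misconfigurations described above: exports with no explicit client list or with a wildcard client, and NIS netgroup triples whose host field is empty. It assumes Linux exports(5) syntax and a flat netgroup map; both sample inputs are constructed inline.

```python
import re

# Constructed sample data (not from a real host); Linux exports(5) syntax is assumed.
SAMPLE_EXPORTS = """\
/home          *(rw)
/usr/local     client1.example.com(ro) @trusted(rw)
/srv/pub       (ro)
/srv/data      192.0.2.0/24(rw,no_root_squash)
/srv/world
"""
# Constructed NIS netgroup map: name, then (host,user,domain) triples.
SAMPLE_NETGROUP = """\
trusted  (client1.example.com,,) (client2.example.com,-,)
sloppy   (,-,) (client3.example.com,,)
"""
FIELD_RE = re.compile(r"([^(]*)(?:\(([^)]*)\))?")             # client(options)
TRIPLE_RE = re.compile(r"\(([^,()]*),([^,()]*),([^,()]*)\)")  # (host,user,domain)

def audit_exports(text):
    """Flag exports reachable from any host: no client list, or a wildcard client."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        path, *fields = line.split()
        if not fields:
            findings.append((path, "no client list: exported to the world"))
        for field in fields:
            m = FIELD_RE.fullmatch(field)
            client, opts = (m.group(1), m.group(2) or "") if m else (field, "")
            if client in ("", "*"):               # "" means options with no client
                mode = "read-write" if "rw" in opts.split(",") else "read-only"
                findings.append((path, "wildcard client %r (%s)" % (client, mode)))
    return findings

def audit_netgroups(text):
    """Flag triples with an empty host field, which mountd treats as 'any host'."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, body = line.partition(" ")
        for host, user, domain in TRIPLE_RE.findall(body):
            if not host.strip():                   # "-" means no host; "" is a wildcard
                findings.append((name, "empty host field in (%s,%s,%s)" % (host, user, domain)))
    return findings
```

Run `audit_exports` on the contents of /etc/exports and `audit_netgroups` on the output of `ypcat -k netgroup`; every finding names a path or netgroup that grants access to any host.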