Bugtraq mailing list archives
Re: CERT, about NFS
From: cellwood () gauss ELEE CalPoly EDU (Chris Ellwood)
Date: Thu, 22 Dec 1994 14:10:59 -0800 (PST)
Leo Bicknell said...
I recall an old bug (possibly in a CERT advisory) about NFS and exporting to localhost. I can't remember what it is off the top of my head, and I'm not at school to look it up, but I think it was something along the lines of if you mounted a filesystem to localhost permissions were no longer checked for some reason.
The problem with a host exporting filesystems to itself is that most portmappers act as a "proxy", forwarding RPC calls to the appropriate RPC daemon on the local host (apparently this is a "feature"). So what you do is get the remote portmapper to forward a mount request to rpc.mountd. If the filesystem you request is exported to the local host, then rpc.mountd will happily return a valid filehandle (since it thinks the local host is mounting the filesystem). The portmapper then returns the valid filehandle to you, which you can exploit at your convenience. There is a program called 'nfsbug' that will check for this and several other major NFS holes. I don't know where it is archived though. - Chris <cellwood () gauss calpoly edu> EL/EE Department System Administrator - Cal Poly, San Luis Obispo
Current thread:
- CERT, about NFS der Mouse (Dec 21)
- Re: CERT, about NFS John Hawkinson (Dec 21)
- Re: CERT, about NFS Jim Duncan (Dec 21)
- Re: CERT, about NFS Scott Schwartz (Dec 21)
- Bugtraq reorganization notes Kevin at Freeside Support (Dec 21)
- Re: CERT, about NFS Leo Bicknell (Dec 22)
- Re: CERT, about NFS Oliver Friedrichs (Dec 22)
- (fwd) HP-UX 9.x: /usr/lib/expreserve creates files anywhere (fwd) Paul 'Shag' Walmsley (Dec 22)
- Re: CERT, about NFS Chris Ellwood (Dec 22)
- Re: CERT, about NFS Paul 'Shag' Walmsley (Dec 22)
- <Possible follow-ups>
- Re: CERT, about NFS Dave Mitchell (Dec 22)
- Re: CERT, about NFS Steinar Haug (Dec 22)
- Re: CERT, about NFS Bela Lubkin (Dec 22)
- Re: CERT, about NFS der Mouse (Dec 22)
- Re: CERT, about NFS Scott Schwartz (Dec 22)
- Re: CERT, about NFS phil servita (Dec 22)