version check in nfs-ls?

[Daniel Miller <bonsaiviking () gmail com>]

Hey list,

Ran across an issue with nfs-ls while scanning my HP printer (I was
surprised to see that it had NFS on it!). Here's what I was seeing:

$ sudo nmap --script rpcinfo -p 111,2049 -sU 192.168.1.X
> Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-04-08 14:12 CDT
> Nmap scan report for 192.168.1.X
> Host is up (0.00092s latency).
> PORT     STATE  SERVICE
> 111/udp  open   rpcbind
> | rpcinfo:
> |   program version   port/proto  service
> |   100000  2,2,3,3    34861/udp  rpcbind
> |   100000  2,3        34861/112  rpcbind
> |   100003  2           2049/112  nfs
> |   100003  2           2049/udp  nfs
> |   100005  1          34862/112  mountd
> |_  100005  1          34862/udp  mountd
> 2049/udp open  nfs
> MAC Address: 00:17:08:XX:XX:XX (Hewlett Packard)
>
> Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds
> $ sudo nmap --script nfs-ls -p 111,2049 -sU 192.168.1.X
>
> Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-04-08 14:07 CDT
> Nmap scan report for 192.168.1.X
> Host is up (0.0027s latency).
> PORT     STATE  SERVICE
> 111/udp  open   rpcbind
> | nfs-ls:
> |   Arguments:
> |     maxfiles: 10 (file listing output limited)
> |
> |   NFS Export /hpmnt/dsk_ram0
> |_  ERROR: versions mismatch, nfs v2 - mount v1
> 2049/udp open  nfs
> MAC Address: 00:17:08:XX:XX:XX (Hewlett Packard)
>
> Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds

I'm not sure why this version discrepancy matters. I found the check in
nfs-ls.nse:

>   -- use simple chack since NFSv1 is not used anymore.
>   if (mnt_comm.version ~= nfs_comm.version) then
>     rpc.Helper.UnmountPath(mnt_comm, mount)
>     return false, string.format("versions mismatch, nfs v%d - mount v%d",
>                                 nfs_comm.version, mnt_comm.version)
>   end

Commenting out this block allows the script to continue, producing this
output:

> $ sudo nmap --script nfs-ls -p 111,2049 -sU 192.168.1.X
>
> Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-04-08 14:14 CDT
> Nmap scan report for 192.168.1.X
> Host is up (0.0019s latency).
> PORT     STATE SERVICE
> 111/udp  open  rpcbind
> | nfs-ls:
> |   Arguments:
> |     maxfiles: 10 (file listing output limited)
> |
> |   NFS Export: /hpmnt/dsk_ram0
> |     PERMISSION  UID  GID  SIZE  MODIFICATION TIME  FILENAME
> |     drwxrwxrwx  0    0    512   2011-04-08 10:44   /hpmnt/dsk_ram0
> |     drwxrwxrwx  0    0    512   2011-04-08 10:44   PJL
> |     drwxrwxrwx  0    0    512   2011-04-08 10:44   PostScript
> |     drwxrwx---  0    0    512   2011-04-08 10:44   saveDevice
> |_    drwxrwxrwx  7    0    512   2011-04-08 10:44   webServer
> 2049/udp open  nfs
> MAC Address: 00:17:08:XX:XX:XX (Hewlett Packard)
>
> Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds

Anyone able to shed light on this? In what cases is this check necessary?
Possibly related: I have been unable to mount the directory with mount.nfs.

Dan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/