| The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them. |
|
 |
|
|
|
vulnerability alert CVE-2009-2296
Solaris: bypassing nfs_portmon
Synthesis of the vulnerability
| A NFSv4 client can bypass the nfs_portmon directive in order to connect to the server. |
Severity: 1/4.
Creation date: 02/07/2009.
|
Impacted products
Description of the vulnerability
The nfs_portmon configuration directive of the Solaris kernel requires NFS clients, which connect to the local server, to use a privileged source port number (between 512 and 1023). This directive improves the security level (requires the client to be root), but it is no sufficient in a free environment.
The checkauth() function of the usr/src/uts/common/fs/nfs/nfs_server.c file checks NFS authentication, and honours nfs_portmon. However, the checkauth4() function, specific to NFSv4 and derived from checkauth(), does not contain the code checking nfs_portmon.
A NFSv4 client can therefore connect to the NFS server of Solaris with a source port number superior to 1024. |
Share this bulletin
Complete Vigil@nce bulletin
Characteristics
Title: Solaris: bypassing nfs_portmon.
Keywords: 512 1023 1024 NFS NFSv4 Solaris bypassing checkauth4 nfs_portmon nfs_server.
Identifiers: 262668, BID-35546, CERTA-2009-AVI-268, CVE-2009-2296, VIGILANCE-VUL-8836.
|
Information sources
Solutions for this vulnerability
Computer vulnerabilities tracking service
Vigil@nce provides a system vulnerability workaround. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The technology watch team tracks security threats targeting the computer system.
|
