I have installed OpenBSD 3.8. I exported a directory with
/mnt/gamma -maproot=root 192.168.1.14

line in /etc/exports

Next I tested the server with the Nessus vulnerability scanner and it found a
hole in NFS:
---
The remote NFS server allows users to use a 'cd ..' command
to access other directories besides the NFS file system.

The listing of /mnt/gamma is :
- .
- ..
- gamma.packages
- dir1
- dir2
- pack
- subow
- sub

After having sent a 'cd ..' request, the list of files is :
- .
- ..
- gamma
- file1
An attacker may use this flaw to read every file on this host

Solution : Contact your vendor for a patch
Risk factor : High
CVE : CVE-1999-0166
---

This seems like an old (1999) hole. Is there any patch for it or did I do
anything wrong?

M.Marusak
