On Wed, 21 Jun 2006, Martin Marusak wrote:
> I have installes OpenBSD 3.8. I exported a directory with
> /mnt/gamma -maproot=root 192.168.1.14
>
> line in /etc/exports
>
> Next I tested the server with Nessus vulnerability scaner and it found a
> hole in NFS:
> ---
> The remote NFS server allows users to use a 'cd ..' command
> to access other directories besides the NFS file system.
>
> The listing of /mnt/gamma is :
> - .
> - ..
> - gamma.packages
> - dir1
> - dir2
> - pack
> - subow
> - sub
>
> After having sent a 'cd ..' request, the list of files is :
> - .
> - ..
> - gamma
> - file1
> An attacker may use this flaw to read every file on this host
Please be more precise. Where is file1 located? What is "this" host? On
the server or the client? Also, you do not describe how the filesystem
is mounted.
-Otto
>
> Solution : Contact your vendor for a patch
> Risk factor : High
> CVE : CVE-1999-0166
> ---
>
> This seems like an old (1999) hole. Is there any patch for it or did I do
> anything wrong?
>
> M.Marusak
