The FreeBSD nfsd Malformed NFS Mount Request Denial of Service Vulnerability showed up in a report for a scan of a Dell PowerEdge 2950 storage server that was preloaded from the factory with Windows Server 2003 SP1 R2.
NFS is running on port 2049 and is NFS from the Windows Services for UNIX 3.0. The server didn't crash, and I was wondering if the false positive was created by some timeout condition waiting for the response back from the server. If the false positive was created by a timeout condition, is there some way I can tweak Nessus to account for this?

Synopsis :
The remote host is affected by a denial of service vulnerability.

Description :
The NFS server on the remote host appears to be one from FreeBSD that causes a kernel panic when it receives a malformed NFS mount request via TCP. An unauthenticated remote attacker can leverage this flaw to crash the remote host.

See Also :
http://lists.immunitysec.com/pipermail/dailydave/2006-February/002982.html
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:10.nfs.asc

Solution :
Use a firewall to restrict access to the NFS server or upgrade / patch the affected system as described in the vendor advisory above.

Risk Factor :
Medium / CVSS Base Score : 5 (AV:R/AC:L/Au:NR/C:N/A:C/I:N/B:A)
BID : 16838
Plugin ID : 20989

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
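One way to check independently whether the NFS service on port 2049 is merely slow to answer or has actually stopped responding is a harmless RPC NULL call with a generous timeout. This is an added example, not part of the original post and not the Nessus plugin's logic; the NFS version (3), the timeout and retry values, the transaction ID and the address in the usage line are assumptions.

```python
import socket
import struct

NFS_PROGRAM = 100003        # ONC RPC program number for NFS
LAST_FRAGMENT = 0x80000000  # record-marking flag used by RPC over TCP

def build_null_call(xid, version=3):
    """Frame an RPC CALL to procedure 0 (NULL) with AUTH_NONE credentials."""
    body = struct.pack(">10I", xid, 0, 2, NFS_PROGRAM, version, 0,
                       0, 0,   # credential: AUTH_NONE, zero length
                       0, 0)   # verifier: AUTH_NONE, zero length
    return struct.pack(">I", LAST_FRAGMENT | len(body)) + body

def parse_reply(record, xid):
    """Classify one framed RPC reply; any RPC-level answer means nfsd is up."""
    if len(record) < 24:
        return "short-reply"
    _mark, rxid, mtype, reply_stat = struct.unpack(">4I", record[:16])
    if rxid != xid or mtype != 1:
        return "unexpected-reply"
    if reply_stat != 0:
        return "rpc-denied"
    vlen = struct.unpack(">I", record[20:24])[0]   # verifier body length
    off = 24 + ((vlen + 3) & ~3)                   # XDR pads opaque data to 4
    if len(record) < off + 4:
        return "short-reply"
    accept_stat = struct.unpack(">I", record[off:off + 4])[0]
    return "alive" if accept_stat == 0 else "rpc-error-%d" % accept_stat

def probe(host, port=2049, timeout=10.0, attempts=3, xid=0x4E465301):
    """Return the last status seen: alive, timeout, refused, closed, ..."""
    status = "timeout"
    for _ in range(attempts):
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.sendall(build_null_call(xid))
                data = s.recv(4096)  # a NULL reply is small; one recv suffices here
            if data:
                return parse_reply(data, xid)
            status = "closed"
        except socket.timeout:
            status = "timeout"
        except ConnectionRefusedError:
            status = "refused"
        except OSError:
            status = "unreachable"
    return status

if __name__ == "__main__":
    print(probe("192.0.2.10"))  # placeholder address (TEST-NET-1)
```

A result of `alive` or any `rpc-error-N` shortly after the scan shows the service is still answering RPC, while repeated `timeout` results with a long timeout point to a service that is slow or hung rather than a host that is down.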
