[Vulnerability fix] NFS Exported Share Information Disclosure
Preface
A vulnerability scan of the operations team's servers flagged NFS Exported Share Information Disclosure as a high-severity vulnerability.
Vulnerability description
Description: At least one NFS share exported by the remote server can be mounted by the scanning host. An attacker may be able to exploit this to read (and possibly write) files on the remote host.
Original description
Description: At least one of the NFS shares exported by the remote server could be mounted by the scanning host. An attacker may be able to leverage this to read (and possibly write) files on remote host.
Solution: Configure NFS on the remote host so that only authorized hosts can mount its remote shares.
See Also:
STIG Severity:
Vulnerability Priority Rating: 5.9
CVSS V2 Base Score: 10.0
CVSS V2 Temporal Score:
CVSS V2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVE: CVE-1999-0170,CVE-1999-0211,CVE-1999-0554
Cross References:
First Discovered: Jun 14, 2023 10:40:47 CST
Last Observed: Jun 14, 2023 10:40:47 CST
Exploit Ease: Exploits are available
Exploit Frameworks: Metasploit (NFS Mount Scanner)
Fix
Fix: Configure NFS on the remote host so that only authorized hosts can mount its remote shares.
Configuring a whitelist is enough.
On the host that exports the share:
vim /etc/hosts.allow
# Allow only the five authorized clients. hosts_access(5) has no "first/last" range syntax such as
# 101/105, so list each address (or use a net/mask pair such as 10.170.129.0/255.255.255.0 for a whole subnet).
mountd: 10.170.129.101 10.170.129.102 10.170.129.103 10.170.129.104 10.170.129.105 : allow
rpcbind: 10.170.129.101 10.170.129.102 10.170.129.103 10.170.129.104 10.170.129.105 : allow
vim /etc/hosts.deny
# Refuse mountd to everyone else. showmount is a client command, not a daemon name, so a
# "showmount: ALL" line never matches anything; denying mountd is what makes showmount -e and
# mount fail from non-whitelisted hosts. rpcbind is not listed here, so it stays reachable from
# all hosts; the rpcbind line in hosts.allow only takes effect once a matching deny line exists.
mountd: ALL
With this configuration, only the five machines 10.170.129.101 through 10.170.129.105 can access NFS.
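To check what a hosts.allow/hosts.deny pair actually admits before relying on it, here is an added example (not from the original post) that models how tcpd evaluates the two files for a daemon, run over the whitelist exactly as written above and over a version that lists the five addresses explicitly. The rule texts are constructed, and the model covers only ALL, exact IPv4 addresses and dotted-quad net/mask pairs (no hostnames, wildcards or other option fields).

```python
import ipaddress
# Constructed rule files (not copied from a real host): the hosts.allow as the post
# wrote it, and a version that lists the five authorized clients explicitly.
HOSTS_ALLOW_AS_POSTED = "mountd:10.170.129.101/105:allow\nrpcbind:10.170.129.101/105:allow\n"
HOSTS_ALLOW_FIXED = (
    "mountd: 10.170.129.101 10.170.129.102 10.170.129.103 10.170.129.104 10.170.129.105 : allow\n"
    "rpcbind: 10.170.129.101 10.170.129.102 10.170.129.103 10.170.129.104 10.170.129.105 : allow\n"
)
HOSTS_DENY = "showmount: ALL\nmountd: ALL\n"

def parse_rules(text):
    """(daemon set, client patterns, option) per line. IPv4 only, no hostnames or wildcards."""
    rules = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("#", 1)[0].split(":")]
        if len(fields) < 2:                    # blank or comment line
            continue
        option = fields[2].lower() if len(fields) > 2 and fields[2].lower() in ("allow", "deny") else ""
        rules.append(({d.upper() for d in fields[0].split()}, fields[1].split(), option))
    return rules

def client_matches(pattern, ip):
    """ALL, an exact IPv4 address, or net/mask with a dotted-quad mask, as in hosts_access(5)."""
    addr = ipaddress.IPv4Address(ip)
    if pattern.upper() == "ALL":
        return True
    try:
        if "/" not in pattern:
            return addr == ipaddress.IPv4Address(pattern)
        net, mask = pattern.split("/", 1)
        # "10.170.129.101/105" has no dotted mask: tcpd logs a warning and the token matches nothing
        return mask.count(".") == 3 and addr in ipaddress.IPv4Network((net, mask), strict=False)
    except ValueError:
        return False

def access_allowed(allow_text, deny_text, daemon, ip):
    """tcpd order: first match in hosts.allow decides, then hosts.deny; no match anywhere means allow."""
    for text, default in ((allow_text, "allow"), (deny_text, "deny")):
        for daemons, clients, option in parse_rules(text):
            if daemon.upper() in daemons and any(client_matches(p, ip) for p in clients):
                return (option or default) == "allow"
    return True

def allowed_clients(allow_text, deny_text, daemon, candidates):
    return [ip for ip in candidates if access_allowed(allow_text, deny_text, daemon, ip)]

if __name__ == "__main__":
    probe = ["10.170.129.101", "10.170.129.103", "10.170.129.105", "10.170.129.106"]
    print("as posted:", allowed_clients(HOSTS_ALLOW_AS_POSTED, HOSTS_DENY, "mountd", probe))
    print("fixed:    ", allowed_clients(HOSTS_ALLOW_FIXED, HOSTS_DENY, "mountd", probe))
```

On a host that ships the tcp_wrappers utilities, tcpdmatch mountd 10.170.129.103 gives the same kind of answer against the real files.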
This article is from: [Vulnerability fix] NFS Exported Share Information Disclosure - 小码农; please keep this link when reposting. Thank you!
- Tags: NFS, vulnerability
- Link: https://djc8.cn/archives/bug-fix-nfs-exported-share-infomation-disclosure.html
- Copyright notice: This article was originally published by 小码农; reposting must follow the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) license.