Multiple Vendor NFS Exported Share Information Disclosure
Remote / Network Access
Loss of Confidentiality, Loss of Integrity
Multiple vendors ship products with the ability to use the Network File System (NFS) to share drives between computers. By default, many of these implementations have little or no security protecting the contents of the shared drives. Due to administrative oversight, drives are also frequently shared without care or thought as to the amount of information made available. Rather than sharing a single directory, the entire drive (including sensitive system files) may become available to remote users. In other cases, drives are shared with insecure permissions that allow anyone to mount them, read the files, and write or delete files.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Maintain a good security policy for NFS exported drives. Use as many technical controls as possible to restrict access to the drives, and/or require some form of authentication.
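One way to check exported shares for the conditions described above, as an added example that is not part of the original advisory. It assumes the Linux exports(5) file syntax (other vendors' formats differ); the sample file contents and the function names are constructed for illustration.

```python
import re

# Constructed sample in Linux exports(5) syntax (assumption: other vendors differ).
SAMPLE_EXPORTS = """\
# constructed sample, not taken from a real host
/               *(rw,no_root_squash)
/srv/projects   192.0.2.0/24(rw,sync) *(ro)
/srv/pub        (ro)
/home           client1.example.org(rw,root_squash)
/var/backups
"""

def parse_exports(text):
    """Yield (path, host, options) for every client spec in an exports file."""
    for line in text.replace("\\\n", " ").splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        # A path with no client list is exported to every host.
        for spec in fields[1:] or [""]:
            m = re.fullmatch(r"([^()]*)(?:\((.*)\))?", spec)
            if m is None:
                continue  # malformed spec is ignored
            opts = set(filter(None, (m.group(2) or "").split(",")))
            yield fields[0], m.group(1), opts

def audit(text):
    """Return (path, client, issue) tuples for the exposures the advisory names."""
    findings = []
    for path, host, opts in parse_exports(text):
        client = host or "*"  # empty host and "*" both mean any client
        if path == "/":
            findings.append((path, client, "entire filesystem exported"))
        if client == "*":
            access = "writable" if "rw" in opts else "readable"
            findings.append((path, client, access + " by any client"))
        if "no_root_squash" in opts:
            findings.append((path, client, "remote root is not squashed"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORTS):
        print("%-15s %-6s %s" % finding)
```

Entries restricted to a named host or subnet, such as the `/home` line in the sample, produce no findings.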