• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Nessus reporting Fog-related Vulnerabilities

    Scheduled Pinned Locked Moved
    FOG Problems
    1
    1
    1.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      Evan Blackstone
      last edited by

      Hello all,

      Our vulnerability scanner is reporting several NFS-related vulnerabilities with FOG:

      [B]High:[/B] NFS Share User Mountable: It is possible to access the remote NFS shares without having root privileges.
      Some of the NFS shares exported by the remote server could be mounted by the scanning host. An attacker may exploit this problem to gain read (and possibly write) access to files on remote host.

      Note that root privileges were not required to mount the remote shares. That is, the source port to mount the shares was bigger than 1024.

      [B]Medium:[/B] NFS Exported Share Information Disclosure: It is possible to access NFS shares on the remote host.
      At least one of the NFS shares exported by the remote server could be mounted by the scanning host. An attacker may be able to leverage this to read (and possibly write) files on remote host.

      [B]Medium: [/B]NFS Shares World Readable: The remote NFS server exports world-readable shares.
      The remote NFS server is exporting one or more shares without restricting access (based on hostname, IP, or IP range).

      Any ideas on resolving these? Or is it even possible to resolve these and maintain FOG functionality?

      Thanks for any advice.

      1 Reply Last reply Reply Quote 0
      • 1 / 1
      • First post
        Last post

      132

      Online

      12.1k

      Users

      17.3k

      Topics

      155.3k

      Posts
      Copyright © 2012-2024 FOG Project