Hello all,
Our vulnerability scanner is reporting several NFS-related vulnerabilities with FOG:
[B]High:[/B] NFS Share User Mountable: It is possible to access the remote NFS shares without having root privileges.
Some of the NFS shares exported by the remote server could be mounted by the scanning host. An attacker may exploit this problem to gain read (and possibly write) access to files on remote host.
Note that root privileges were not required to mount the remote shares. That is, the source port to mount the shares was bigger than 1024.
[B]Medium:[/B] NFS Exported Share Information Disclosure: It is possible to access NFS shares on the remote host.
At least one of the NFS shares exported by the remote server could be mounted by the scanning host. An attacker may be able to leverage this to read (and possibly write) files on remote host.
[B]Medium: [/B]NFS Shares World Readable: The remote NFS server exports world-readable shares.
The remote NFS server is exporting one or more shares without restricting access (based on hostname, IP, or IP range).
Any ideas on resolving these? Or is it even possible to resolve these and maintain FOG functionality?
Thanks for any advice.