[195] in linux-security and linux-alert archive
LINUX FAQ Update (Linux and NFS)
daemon@ATHENA.MIT.EDU (Alexander O. Yuriev)
Thu Apr 6 21:41:09 1995
To: linux-security@tarsier.cv.nrao.edu
From: "Alexander O. Yuriev" <alex@bach.cis.temple.edu>
Date: Thu, 6 Apr 1995 19:47:34 -0400 (EDT)
***************CUT HERE******************************CUT HERE**************
NFS and Linux
LINUX SECURITY FAQ UPDATE
April 6, 19:50 EST
Copyright (C) 1995 Alexander O. Yuriev
CIS Laboratories, TEMPLE UNIVERSITY
<alex@bach.cis.temple.edu>
(CREDITS: Olaf Kirch and Jeff Uphoff)
This is not a release of the Linux Security FAQ. It is just an urgent
update that has to be published because many Linux system
administrators are not aware of this problem.
LINUX SYSTEM AS NFS CLIENT
The Network File System support in Linux is split into
two parts. As a client, Linux has the ability to access NFS
volumes using the NFS support incorporated into the kernel.
Presently, it is unknown whether the Linux kernel is
vulnerable to spoofed information. There are as yet no
incidents known to Olaf Kirch, Jeff Uphoff or me.
LINUX SYSTEM AS NFS SERVER
In order to provide NFS service, a Linux system has to run a
set of 3 programs:
* Portmapper (rpc.portmap)
* Mount Daemon (rpc.mountd)
* NFS Server (rpc.nfsd)
Two of these 3 programs have *BIG* problems in all Slackware
Linux distributions, which, according to Jeff Uphoff, include
the recently released Slackware 2.2.0. _All_
distributions released before March 12, 1995 are subject
to one or more of those holes, as are many released
after that date.
Linux Portmapper (rpc.portmap)
We are not aware of any Linux distribution that does
not have a hole in the portmapper. You will also need
the tcp wrapper library to compile it.
Linux NFS Server
The Universal NFS Server used by Linux distributions
is known to have *BIG* holes, including an incorrect
implementation of (root_squash) and virtually
no authentication. The most secure Linux NFS Server
as of today is Universal NFS Server 2.2 patched by
Olaf Kirch.
Linux Mount Daemon
There are no known problems with the Linux mount daemon
by itself. The problem was that nfsd 2.0 had a hole
that allowed a remote site to access the entire tree
of a partition even when rpc.mountd was not running
at all.
FIXES AND PATCHES
Secure portmapper:
ftp://linux.nrao.edu/pub/linux/security/nfsd/portmap-3.tar.gz
Universal NFS Server 2.2alpha3:
ftp://linux.nrao.edu/pub/linux/security/nfsd/nfs-server-2.2alpha3.tar.gz
***************CUT HERE******************************CUT HERE**************
=============================================================================
CIS Laboratories email: alex@bach.cis.temple.edu
TEMPLE UNIVERSITY ayuriev@yoda.cis.temple.edu
USA Tel: 1-800-DEV-NULL
=============================================================================
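
Added example (not part of the original posting, and not code from the author or the projects named): a small Python check that inventories the three programs listed under LINUX SYSTEM AS NFS SERVER from `rpcinfo -p` output and flags the case described under Linux Mount Daemon, where rpc.nfsd is reachable although rpc.mountd is not running. The program numbers are the standard ONC RPC assignments; the sample output is constructed and the function names are hypothetical.

```python
"""Added example: inventory the three NFS-serving RPC programs from `rpcinfo -p` output."""
import subprocess

# Standard ONC RPC program numbers for the three daemons named in the advisory.
NFS_PROGRAMS = {100000: "rpc.portmap", 100005: "rpc.mountd", 100003: "rpc.nfsd"}

# Constructed sample of `rpcinfo -p` output (not from a real host):
# nfsd is registered, mountd is not.
SAMPLE = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100004    2   udp    620  ypserv
"""

def parse_rpcinfo(text):
    """Return {daemon: sorted list of (proto, port, version)} for the three NFS programs."""
    found = {name: set() for name in NFS_PROGRAMS.values()}
    for line in text.splitlines():
        fields = line.split()
        # Data rows are: program vers proto port [service]; skip the header and junk.
        if len(fields) < 4 or not all(f.isdigit() for f in (fields[0], fields[1], fields[3])):
            continue
        name = NFS_PROGRAMS.get(int(fields[0]))
        if name:
            found[name].add((fields[2], int(fields[3]), int(fields[1])))
    return {name: sorted(regs) for name, regs in found.items()}

def assess(found):
    """Turn the inventory into findings an administrator can act on."""
    findings = []
    for name, regs in found.items():
        if regs:
            where = ", ".join(f"{proto}/{port} v{vers}" for proto, port, vers in regs)
            findings.append(f"{name} registered: {where}")
    if found["rpc.nfsd"] and not found["rpc.mountd"]:
        # The advisory's nfsd 2.0 case: no mountd does not mean no NFS exposure.
        findings.append("rpc.nfsd is registered without rpc.mountd: "
                        "do not treat the missing mount daemon as protection")
    return findings

if __name__ == "__main__":
    try:  # Query the local portmapper; fall back to the constructed sample.
        text = subprocess.run(["rpcinfo", "-p"], capture_output=True,
                              text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        text = SAMPLE
    print("\n".join(assess(parse_rpcinfo(text))))
```

A host that is not meant to export file systems should produce no rpc.nfsd or rpc.mountd lines at all.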