[506] in linux-announce channel archive
Linux Security FAQ Update#1 - Universal NFS Server 2.0
daemon@ATHENA.MIT.EDU (Lars Wirzenius)
Fri May 5 12:46:44 1995
Date: Fri, 5 May 1995 17:29:51 +0300
From: Lars Wirzenius <wirzeniu@cc.helsinki.fi>
To: linux-activists@niksula.hut.fi, linux-announce@vger.rutgers.edu
X-Mn-Key: announce
From: "Alexander O. Yuriev" <alex@bach.cis.temple.edu>
Subject: Linux Security FAQ Update#1 - Universal NFS Server 2.0
Newsgroups: comp.os.linux.announce
Keywords: security, networking, NFS
Organization: ?
Approved: linux-announce@news.ornl.gov (Lars Wirzenius)
Followup-to: comp.os.linux.networking
References:
NFS and Linux
LINUX SECURITY FAQ UPDATE
April 6, 19:50 EST
Copyright (C) 1995 Alexander O. Yuriev
CIS Laboratories, TEMPLE UNIVERSITY
<alex@bach.cis.temple.edu>
This is not a release of Linux Security FAQ. It is just an urgent update that
has to be published because of the *FACT* that Linux system administrators
are not aware of this problem.
LINUX SYSTEM AS NFS CLIENT
The Network File System support in Linux is splited into
two parts. As a client, Linux has ability to access NFS
volumes using nfs support which is incorporated into kernel.
Presently, it is unknown if Linux kernel is volunerable
to spoofed information. There are no incidents known to
Olaf Kirch, Jeff Uphoff or me.
LINUX SYSTEM AS NFS SERVER
In order to provide NFS service, Linux system has to run a
set of 3 programs:
* Portmapper (rpc.portmap)
Mount Daemon (rpc.mountd)
* NFS Server (rpc.nfsd)
Two of these 3 programs have *BIG* problems in all Slackware
Linux distributions, that according to John Uphoff includes
Slackware 2.2.0 that was recently released. All distributions
released before March 12, 1995 are subject to one or more of
those holes.
Linux Portmapper (rpc.portmap)
We are not aware of any Linux distribution that does
not have a hole in a portmapper. You will also need
tcp wrapper library to compile it.
Linux NFS Server
The Universal NFS Server used by Linux distributions
is known to have *BIG* holes, including incorrect
implementation of (root_squash) and virtually
no authentication. The most secure Linux NFS Server
as of today is Universal NFS Server 2.2 patched by
Olaf Kirch.
Linux Mount Daemon
There are no known problems with Linux mount daemon
by itself. The problem was the nfsd 2.0 had a hole
that allowed to remote site to access entire tree
of a partiotion even when rpc.mountd was not running
at all.
FIXES AND PATCHES
Secure portmapper:
ftp://linux.nrao.edu/pub/linux/security/nfsd/portmap-3.tar.gz
Universal NFS Server 2.2alpha3
ftp://linux.nrao.edu/pub/linux/security/nfsd/nfs-server-2.2alpha3.tar.gz
---------CUT-HERE--------------CUT-HERE-------------CUT-HERE--------------
=============================================================================
CIS Laboratories email: alex@bach.cis.temple.edu
TEMPLE UNIVERSITY ayuriev@yoda.cis.temple.edu
USA Tel: 1-800-DEV-NULL
http://bach.cis.temple.edu
=============================================================================
--
Send submissions for comp.os.linux.announce to: linux-announce@news.ornl.gov
PLEASE remember Keywords: and a short description of the software.
