
NFS mount daemon Vulnerabilities

 
Thomas Pohlen
Advisor

NFS mount daemon Vulnerabilities

Hi all

On my S800 server with HP-UX 11.0, the NFS mount daemon (mountd) is operating on an unreserved port.

This daemon is probably vulnerable to port hijacking and should be moved to a reserved port.

Which ports are privileged, and is there a patch for this, or how can I let the daemon run only on reserved ports?

Thanks in Advance
Be patient
Manuel P. Ron
Frequent Advisor

Re: NFS mount daemon Vulnerabilities

Security in mountd may be implemented using the /etc/export file, specifying what access to implement: hostname, netgroup, DNS suffix, etc. With the command 'exportfs' you can update your export options.
Crash programs fail because they are based on the theory that, with nine women pregnant, you can get a baby a month. - Wernher von Braun
Christopher Caldwell
Honored Contributor

Re: NFS mount daemon Vulnerabilities

BTW, security and ports aren't related. In fact, one might argue that things that run as root on reserved ports are actually more insecure than things that run as unpriv'd users on unreserved ports.

If you run unpatched BIND (DNS), then it probably runs as root. If someone compromises it, they're now root. The fact that BIND runs on a reserved port didn't help at all.

The key is making sure your application is well patched and secured regardless of port.
Christopher Caldwell
Honored Contributor

Re: NFS mount daemon Vulnerabilities

BTW, ports are specified by RFC 1700:
http://www.csl.sony.co.jp/cgi-bin/hyperrfc?1700

search for
WELL KNOWN PORTS
in a case sensitive manner.

Port numbers 0 through 1023 are assigned by RFC 1700. This RFC also lists the conventional use of various ports with numbers greater than 1023.

Your program must initially run as root to bind to a port <= 1023.
Brian Hackley
Honored Contributor

Re: NFS mount daemon Vulnerabilities

Thomas,

HP is compatible with Sun, who provides the "ONC" code, in that rpc.mountd listens on a port # greater than 1023. There is a -p option for rpc.mountd to allow incoming mount requests from non-privileged port numbers. By default rpc.mountd restricts incoming mount requests to come only from privileged ports (less than 1024).

Brian Hackley
Ask me about telecommuting!
Alberto Minichiello
New Member

Re: NFS mount daemon Vulnerabilities

Hi:

In order to have the functionality Brian mentioned, make sure you have patch PHNE_23249 plus dependencies (it could have been replaced by a new version, please check). This will also give you NFS over TCP, which, despite the fact that it carries more overhead, is a bit more secure. The man page claims that rpc.mountd has an option named '-e' which forces rpc.mountd to be invoked every time it has to service a request (instead of running like a daemon) and to check /var/adm/inetd.sec for which IP addresses are allowed to talk to it. I have not been able to make it run though; rpc.mountd does not recognize the '-e' option.

Regards
Bonum Est
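
To see which RPC services on a host are registered on reserved (0-1023) versus unreserved ports, the port column of `rpcinfo -p` can be classified as below. This is an added example, not part of any reply in the thread; the sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify RPC registrations by port range.
# Reserved ports are 0-1023, as stated in the thread.

# Constructed sample in the usual `rpcinfo -p` column layout; values are made up.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100005    1   udp  49152  mountd
    100005    3   udp  49152  mountd
    100005    1   tcp  49153  mountd
EOF
}

# Reads `rpcinfo -p` text on stdin and prints one line per unique
# service/proto/port: "<service> <proto> <port> reserved|unreserved".
classify_rpc_ports() {
    awk '
        $4 !~ /^[0-9]+$/ { next }                    # header or malformed line
        {
            svc = (NF >= 5) ? $5 : ("prog" $1)       # unnamed program: use its number
            key = svc " " $3 " " $4
            if (seen[key]++) next                    # several versions share a port
            print key, (($4 + 0) <= 1023 ? "reserved" : "unreserved")
        }'
}

# Names of services registered on at least one unreserved port.
unreserved_services() {
    classify_rpc_ports | awk '$4 == "unreserved" { print $1 }' | sort -u
}

# Demo on the constructed sample; on a live host: rpcinfo -p | classify_rpc_ports
sample_rpcinfo | classify_rpc_ports
```

As Brian's reply notes, rpc.mountd listening on a port above 1023 is the default ONC behaviour, so an "unreserved" result for mountd is expected on a stock system.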