rpc.mountd MOUNT request access allowed
| rpcmountd-mount-gain-access (13807) |  Medium Risk |
Description:
rpc.mountd (NFS mount daemon) could allow an attacker to gain unauthorized access. If the -n option is enabled, the daemon does not advertise TCP for mount. A remote attacker could send a MOUNT request from an unprivileged port, and under specific circumstances, rpc.mountd will allow the request, even if the -n option is disabled.
Consequences:
Gain Access
Remedy:
Upgrade to the latest version of IRIX (6.5.23 or later), as listed in SGI Security Advisory 20031102-01-P. See References.
— OR—
Apply the appropriate patch for your system, as listed in SGI Security Advisory 20031102-01-P. See References.
References:
- Full-Disclosure Mailing List, Fri Nov 21 2003 - 13:09:34 CST: rpc.mountd Vulnerabilities on SGI IRIX.
- BID-9085: SGI rpc.mountd Unauthorized Drive Mounting Vulnerability
- BID-909: IRIX midikeys/soundplayer Vulnerability
- CVE-2003-0796: Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 allows remote attackers to mount from unprivileged ports even with the -n option disabled.
Platforms Affected:
- SGI IRIX 6.5
- SGI IRIX 6.5 20
- SGI IRIX 6.5.1
- SGI IRIX 6.5.10
- SGI IRIX 6.5.10f
- SGI IRIX 6.5.10m
- SGI IRIX 6.5.11
- SGI IRIX 6.5.11f
- SGI IRIX 6.5.11m
- SGI IRIX 6.5.12
- SGI IRIX 6.5.12f
- SGI IRIX 6.5.12m
- SGI IRIX 6.5.13
- SGI IRIX 6.5.13f
- SGI IRIX 6.5.13m
- SGI IRIX 6.5.14
- SGI IRIX 6.5.14f
- SGI IRIX 6.5.14m
- SGI IRIX 6.5.15
- SGI IRIX 6.5.15f
- SGI IRIX 6.5.15m
- SGI IRIX 6.5.16
- SGI IRIX 6.5.16f
- SGI IRIX 6.5.16m
- SGI IRIX 6.5.17
- SGI IRIX 6.5.17f
- SGI IRIX 6.5.17m
- SGI IRIX 6.5.18
- SGI IRIX 6.5.18f
- SGI IRIX 6.5.18m
- SGI IRIX 6.5.19
- SGI IRIX 6.5.19f
- SGI IRIX 6.5.19m
- SGI IRIX 6.5.2
- SGI IRIX 6.5.20
- SGI IRIX 6.5.20f
- SGI IRIX 6.5.20m
- SGI IRIX 6.5.21
- SGI IRIX 6.5.21f
- SGI IRIX 6.5.21m
- SGI IRIX 6.5.22
- SGI IRIX 6.5.2f
- SGI IRIX 6.5.2m
- SGI IRIX 6.5.3
- SGI IRIX 6.5.3f
- SGI IRIX 6.5.3m
- SGI IRIX 6.5.4
- SGI IRIX 6.5.4f
- SGI IRIX 6.5.4m
- SGI IRIX 6.5.5
- SGI IRIX 6.5.5f
- SGI IRIX 6.5.5m
- SGI IRIX 6.5.6
- SGI IRIX 6.5.6f
- SGI IRIX 6.5.6m
- SGI IRIX 6.5.7
- SGI IRIX 6.5.7f
- SGI IRIX 6.5.7m
- SGI IRIX 6.5.8
- SGI IRIX 6.5.8f
- SGI IRIX 6.5.8m
- SGI IRIX 6.5.9
- SGI IRIX 6.5.9f
- SGI IRIX 6.5.9m
Reported:
Nov 21, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net