Note: This is an archival copy of Security Sun Alert 253588 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020173.1.
Solaris 10 Operating System
Date of Resolved Release
Security vulnerability in the Solaris NFS server security modes (nfssec(5)) may lead to unauthorized access to shared resources:
A security vulnerability in the Solaris NFS server may lead to unauthorized access to file systems shared via NFS if those resources are shared using a combination of "none" (AUTH_NONE) and "sys" (AUTH_SYS) (see nfssec(5)) security modes.
2. Contributing Factors
This issue can occur in the following releases:
Note 2: Only NFS servers which export shares with AUTH_NONE used in combination with the security mode AUTH_SYS are impacted by this issue. To determine if a system is configured to run as an NFS server (see smf(5)), the following command can be used:
$ svcs nfs/server
To determine if a system exports shares that have AUTH_NONE used in combination with AUTH_SYS, run the following command on the server (see share_nfs(1M)):
$ share
If the output of the share(1M) command includes NFS shares with "sec=sys" and "sec=none", then the NFS server shares resources with AUTH_NONE used in combination with the security mode AUTH_SYS.
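As an added example (not part of the Sun Alert), a POSIX shell function that applies the check above to share(1M) output: it prints each exported path whose option list names both the "sys" and "none" security modes, whether written as separate sec=sys and sec=none clauses or as the colon-separated sec=sys:none form documented in share_nfs(1M). The sample share output lines are constructed, not captured from a real host.

```shell
#!/bin/sh
# Constructed sample of share(1M) output (resource, path, options, description).
SAMPLE_SHARE_OUTPUT='-               /export/home    rw              ""
-               /export/pub     sec=sys,rw,sec=none,ro   ""
-               /export/data    sec=none,ro     ""
-               /export/tools   sec=sys:none,ro ""
-               /export/krb     sec=krb5,rw     "kerberos only"'

# Read share(1M)-style lines on stdin and print the path of every share
# whose options carry both the sys (AUTH_SYS) and none (AUTH_NONE) modes.
# Shares with no sec= clause at all are not flagged: the advisory keys on
# an explicit "sec=sys" appearing together with "sec=none".
flag_mixed_sec_shares() {
    while read -r res path opts rest; do
        [ -z "$path" ] && continue
        has_sys=0
        has_none=0
        # Walk the comma-separated option list; only sec= tokens matter.
        oldifs=$IFS
        IFS=,
        for tok in $opts; do
            case "$tok" in
                sec=*)
                    # A sec= value may list several modes separated by ':'.
                    val=${tok#sec=}
                    case ":$val:" in *:sys:*)  has_sys=1  ;; esac
                    case ":$val:" in *:none:*) has_none=1 ;; esac
                    ;;
            esac
        done
        IFS=$oldifs
        [ "$has_sys" -eq 1 ] && [ "$has_none" -eq 1 ] && printf '%s\n' "$path"
    done
    return 0
}

# Against the constructed sample this prints /export/pub and /export/tools.
# On a Solaris NFS server the live check is:  share | flag_mixed_sec_shares
printf '%s\n' "$SAMPLE_SHARE_OUTPUT" | flag_mixed_sec_shares
```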
Note 3: OpenSolaris distributions may include additional bug fixes above and beyond the build from which they were derived. To determine the base build of OpenSolaris, the following command can be used:
$ uname -v
There are no predictable symptoms that would indicate the described vulnerability has been exploited to gain unauthorized access to exported data.
To avoid this issue until patches can be applied, do not export NFS shares on the NFS server using AUTH_NONE and AUTH_SYS in combination.
This issue is addressed in the following releases:
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.