SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   Nfs Vendors:   Novell
Novell NetWare NFS (XNFS.NLM) Trusted Host Bug May Let Remote Users Access Restricted Shares
SecurityTracker Alert ID:  1008397
SecurityTracker URL:  http://securitytracker.com/id/1008397
CVE Reference:   CVE-2003-0976   (Links to External Site)
Updated:  Dec 11 2003
Original Entry Date:  Dec 5 2003
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to XNFS.NLM 1.01.08
Description:   A vulnerability was reported in the Novell NetWare NFS services when processing trusted host configurations. A remote user may be able to access an exported NFS share.

It is reported that the NetWare NFS Server (XNFS.NLM) does not properly process hostname aliases correctly in trusted hosts configuration.

The system may export NFS shares to hosts when the hosts should be denied. The system may also incorrectly fail to export some shares.

Impact:   A remote user may be able to access an NFS share that should not be accessible from the remote user's host.
Solution:   The vendor has issued a fixed version of (XNFS.NLM 1.01.08, November 12, 2003) as part of NetWare 6.5 SP1. See the Vendor URL for additional details.
Vendor URL:  support.novell.com/cgi-bin/search/searchtid.cgi?/10089375.htm (Links to External Site)
Cause:   Access control error, State error
Underlying OS Comments:  NetWare 6.5

Message History:   None.


 Source Message Contents

Subject:  http://support.novell.com/cgi-bin/search/searchtid.cgi?/10089375.htm


http://support.novell.com/cgi-bin/search/searchtid.cgi?/10089375.htm

 > NFS Server (XNFS.NLM) is not handling hostname aliases correctly in trusted -
 > TID10089375 (last modified 04DEC2003)

 > Novell NetWare 6.5
 >
 > Native File Access for Unix (NFAU)
 >
 > NFS Server
 >
 > XNFS.NLM


Novell reports that the NetWare NFS Server (XNFS.NLM) does not properly process hostname 
aliases correctly in trusted hosts configuration.

The system may export NFS shares to hosts when the hosts should be denied.  The system may 
also incorrectly fail to export some shares.

The vendor has issued a fixed version of (XNFS.NLM 1.01.08, November 12, 2003) as part of 
NetWare 6.5 SP1.



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC