SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (File Transfer/Sharing)  >   Nfs Vendors:   [Multiple Authors/Vendors]
NFS Directory Traversal Flaw Lets Remote Authenticated Users Access Files
SecurityTracker Alert ID:  1009595
SecurityTracker URL:  http://securitytracker.com/id/1009595
CVE Reference:   CVE-1999-0166   (Links to External Site)
Date:  Mar 30 2004
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in NFS. A remote authenticated user can gain access to files that were not exported.

In 1999 the following CVE entry (1999-0166) was posted involving an NFS vulnerability. A remote authenticated user can use the "cd .." command to access directories other than the exported file system.

[Editor's Note: This vulnerability may have been initally reported to CERT in 1994]

Impact:   A remote authenticated user can access directories other than the exported file system.
Solution:   Patches and configuration settings recommendations are available from various vendors.
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Subject:  CVE-1999-0166


 > CVE-1999-0166

 > NFS allows users to use a "cd .." command to access other directories besides
 > the exported file system.


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC