Vulnerability Name:

CVE-1999-0548 (CCN-70)

Assigned:1997-07-01
Published:1997-07-01
Updated:2005-10-20
Summary:A superfluous NFS server is running, but it is not importing or exporting any file systems.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Informational
References:Source: MITRE
Type: CNA
CVE-1999-0548

Source: XF
Type: UNKNOWN
nfs-mountd(70)

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:ibm:aix:*:*:*:*:*:*:*:*
  • OR cpe:/o:windriver:bsdos:*:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:*:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:*:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:*:*:*:*:*:*:*:*
  • OR cpe:/a:data_general:dg_ux:*:*:*:*:*:*:*:*
  • OR cpe:/o:sco:unix:*:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-1999-0548 (CCN-74)

    Summary:NFS was found to be mountable. The security of NFS relies heavily on who is allowed to mount the files that a server exports, and whether they are exported read-only. Through NFS, an attacker can gain access to files in the export directory. Some administrators purposefully export directories for everyone to be able to gain access to the data.
    CVSS v3 Severity:
    CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
    Vulnerability Consequences:Other
    References:Source: MITRE
    Type: CNA
    CVE-1999-0548

    Vulnerability Name:

    CVE-1999-0548 (CCN-76)

    Summary:The NFS service was found. NFS (Network File System) is a file sharing protocol for Unix platforms. Security of NFS relies heavily upon who is allowed to mount the volumes that a server exports, and whether or not they are exported read-only. Improperly configured access permissions on exported volumes can permit an attacker to gain access to critical files.
    CVSS v3 Severity:
    CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-1999-0548

    Source: MITRE
    Type: CNA
    CVE-1999-0554

    Source: MITRE
    Type: CNA
    CVE-1999-0631

    Source: CCN
    Type: CERT Advisory CA-1991-21
    SunOS NFS Jumbo and fsirand Patches

    Source: CCN
    Type: CERT Advisory CA-1993-15
    /usr/lib/sendmail, /bin/tar, and /dev/audio Vulnerabilities

    Source: CCN
    Type: CERT Advisory CA-1994-02
    Revised Patch for SunOS /usr/etc/rpc.mountd Vulnerability

    Source: CCN
    Type: CERT Advisory CA-1994-15
    NFS Vulnerabilities

    Source: CCN
    Type: BID-24
    SunOS rpc.mountd Vulnerability

    Source: XF
    Type: UNKNOWN
    nfs-mountd(70)

    Source: XF
    Type: UNKNOWN
    nfs-export(74)

    Source: XF
    Type: UNKNOWN
    nfs-nfsd(76)

    ibm aix *
    windriver bsdos *
    hp hp-ux *
    sgi irix *
    linux linux kernel *
    sun solaris *
    data_general dg ux *
    sco unix *
    compaq tru64 *