RFC 2623: NFS Version 2 and Version 3 Security Issu...
RFC-Ref

attack



... clients are trusted and under control (in particular, protected from physical attack), relying on trusted ports MAY be a reliable form of security ...
... port monitoring for security is at best an inconvenience to the attacker and SHOULD NOT be depended on. ...
... NFS operations used to mount a file system. While an attacker could exploit this implementation artifact, the exposure is limited to gaining the attributes of a file or a file system ...
... An attacker can circumvent the MOUNT server's access control to gain access to a file system ...
... access control to gain access to a file system that the attacker is not authorized for. The circumvention is accomplished by either stealing a file handle (usually by snooping ...
... legitimate client and server) or guessing a file handle. For this attack to succeed, the attacker must still be able to impersonate a user's credentials ...
... client and server) or guessing a file handle. For this attack to succeed, the attacker must still be able to impersonate a user's credentials, which is simple for AUTH ...


... privacy service, then it would be possible to execute a denial of service attack, whereby the objective of the caller is to deny CPU ...


... query a Version 3 MOUNT server, then the following attacks are possible by an attacker in the middle: ...
... Version 3 MOUNT server, then the following attacks are possible by an attacker in the middle: ...
... The attacker in the middle can coax the NFS client into using a ...
... client's NFS request will be rejected. So at worst, a denial of service attack is possible. In theory, the NFS client ...
... security flavor in the MOUNT protocol query, an attacker in the middle could cause the client to use the weaker form of security ...


