944135 – (CVE-1999-0548) VUL-2: CVE-1999-0548: nfs: superflous nfs server running

Bug 944135 (CVE-1999-0548) - VUL-2: CVE-1999-0548: nfs: superflous nfs server running

Summary: VUL-2: CVE-1999-0548: nfs: superflous nfs server running

Status:	RESOLVED INVALID

Alias:	CVE-1999-0548

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2015-09-02 08:45 UTC by Marcus Meissner
Modified:	2015-09-02 10:44 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2015-09-02 08:45:06 UTC

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0548

A superfluous NFS server is running, but it is not importing or exporting any file systems.



There is a Nessus check that looks for the 2049 NFS RPC service and sees if
it does not export shares.

(showmount -e hostname   returns empty list)

Comment 1 Marcus Meissner 2015-09-02 08:45:47 UTC

This is a misconfiguration issue and not a security issues to my eyes.

Comment 2 Marcus Meissner 2015-09-02 08:47:03 UTC

perl bin/addnote CVE-1999-0548 "This CVE is reported by scanners seeing a NFS RPC service (port 2049) where no shares are exported. You can verify this with 'showmount -e HOSTNAME'. It is not a security issue, more a configuration issue. Check if the NFS server is disabled on the remote machine if it is not in use."