NFS Access Control Misconfiguration - Everyone Shared

漏洞信息

漏洞名称： NFS Access Control Misconfiguration - Everyone Shared

漏洞类型： 配置问题

漏洞等级： 高危

漏洞描述： 该漏洞涉及NFS（网络文件系统）的访问控制配置不当问题。NFS是一种允许不同计算机之间共享文件和目录的协议，广泛应用于企业级服务和网络环境中。当NFS的访问控制配置不当，例如使用all_squash选项或允许所有主机（*）访问时，未经授权的用户可能无需认证即可挂载共享目录，导致敏感文件的暴露或被篡改。

漏洞的技术根源在于NFS配置文件中（如/etc/exports）的错误配置，缺乏严格的访问控制限制。这种配置问题使得攻击者能够绕过预期的安全措施，直接访问或修改共享目录中的文件。

此漏洞的安全风险较高，可能导致敏感信息泄露、数据完整性受损，甚至服务中断。由于漏洞利用不需要认证，攻击者可以相对容易地自动化执行攻击。因此，对于使用NFS的组织和个人来说，及时检查和修正NFS的配置是至关重要的安全措施。

产品名称： NFS

来源： https://github.com/projectdiscovery/nuclei-templates/blob/dfc176303ffebe3d9f231045fa3abe2cf2ca9874/misconfiguration%2Flinux%2Flinux-nfs-everyone-access.yaml

类型： projectdiscovery/nuclei-templates:github issues

POC详情

id: linux-nfs-everyone-access

info:
  name: NFS Access Control Misconfiguration - Everyone Shared
  author: songyaeji
  severity: high
  description: >
    If access control is not properly configured on NFS, unauthorized users can mount shared directories without authentication.
    This can result in exposure or tampering of sensitive files.
  reference:
    - https://isms.kisa.or.kr
    - Cloud Vulnerability Assessment Guide(2024) by KISA
  tags: linux,nfs,access-control,misconfiguration
  metadata:
    verified: true
    os: linux
    max-request: 1
  classification:
    cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 7.8
    cwe-id: CWE-284

self-contained: true

code:
  - engine:
      - bash
    source: |
      if grep -E '\(.*all_squash.*\)' /etc/exports; then
        echo "[VULNERABLE] NFS allows everyone access with all_squash"
      elif grep -E '\*' /etc/exports; then
        echo "[VULNERABLE] NFS allows access to all (*) hosts"
      else
        echo "[SAFE] NFS access is restricted to specific IPs/subnets"
      fi
    matchers:
      - type: word
        part: code_1_response
        words:
          - "[VULNERABLE]"