目标主机showmount -e信息泄露(CVE-1999-0554)

最新推荐文章于 2025-03-30 23:04:45 发布

Eunyeon2__

最新推荐文章于 2025-03-30 23:04:45 发布

阅读量254

点赞数 2

文章标签： linux centos 运维服务器

本文链接：https://blog.youkuaiyun.com/qq_37579157/article/details/146061809

版权

目标主机showmount -e信息泄露(CVE-1999-0554)

问题

[root@test ~]# showmount -e 10.20.1.2
Export list for 10.20.1.2:
/data *

解决方法

在NFS服务器上的/etc/hosts.allow和/etc/hosts.deny文件添加以下内容即可解决该问题。

编辑/etc/hosts.allow文件

[root@test ~]# vi /etc/hosts.allow
#
#hosts.allow    This file contains access rules which are used to
#allow or deny connections to network services that
#either use the tcp_wrappers library or that have been
#started through a tcp_wrappers-enabled xinetd.
#
#See 'man 5 hosts_options' and 'man 5 hosts_access'
#for information on rule syntax.
#See 'man tcpd' for information on tcp_wrappers
#
#
mountd:10.20.1.3    #<==添加客户端IP地址，相当于白名单

[root@test ~]# vi /etc/hosts.deny 
#
#hosts.deny    This file contains access rules which are used to
#deny connections to network services that either use
#the tcp_wrappers library or that have been
#started through a tcp_wrappers-enabled xinetd.
#
#The rules in this file can also be set up in
#/etc/hosts.allow with a 'deny' option instead.
#
#See 'man 5 hosts_options' and 'man 5 hosts_access'
#for information on rule syntax.
#See 'man tcpd' for information on tcp_wrappers
#
#
mountd:all     #<==添加该行，相当于黑名单

在以上两个文件中添加对应内容之后，不需要重启nfs服务，即可生效

结果测试

[root@test ~]# showmount -e 10.20.1.2 
rpc mount export: RPC: Authentication error; why = Failed (unspecified error)