Re: FreeBSD Security Advisory FreeBSD-SA-06:10.nfs
- From: Colin Percival <cperciva@xxxxxxxxxxx>
- Date: Wed, 01 Mar 2006 08:18:27 -0800
FreeBSD Security Advisories wrote:
> Topic: Remote denial of service in NFS server
[...]
> IV. Workaround
>
> 1) Disable the NFS server: set the nfs_server_enable variable to "NO"
> in /etc/rc.conf, and reboot.
>
> Alternatively, if there are no active NFS clients (as listed by the
> showmount(8) utility), simply killing the mountd and nfsd processes
> should suffice.
>
> 2) Add firewall rules to block RPC traffic to the NFS server from
> untrusted hosts.

There's one more workaround: Since this problem only affects RPC messages
incoming via TCP, disabling the use of TCP with NFS will correct this
while still allowing NFS to run over UDP.

To disable use of TCP for NFS, remove the "-t" flag from nfs_server_flags
in /etc/rc.conf and reboot.

Colin Percival
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
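
A check for whether the "-t" workaround in the message above is in effect, as an added example that is not part of the original post or of FreeBSD. The function name nfs_tcp_status is hypothetical; it assumes the files passed are rc.conf-style shell fragments, given in the order rc reads them (for example /etc/defaults/rc.conf, then /etc/rc.conf).

```shell
#!/bin/sh
# nfs_tcp_status FILE... prints one of:
#   disabled  nfs_server_enable is not a "yes" value
#   tcp       NFS server enabled and nfs_server_flags contains -t
#   udp-only  NFS server enabled, flags set, no -t present
#   unknown   NFS server enabled, nfs_server_flags not set in the given files
nfs_tcp_status() {
    (
        # Subshell: sourced variables and set -f do not leak to the caller.
        set -f
        unset nfs_server_enable nfs_server_flags
        for f in "$@"; do
            # Pass paths containing a slash so "." does not search PATH.
            if [ -r "$f" ]; then . "$f"; fi
        done
        # Same "yes" spellings that rc.subr's checkyesno accepts.
        case "${nfs_server_enable:-NO}" in
            [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) ;;
            *) echo disabled; exit 0 ;;
        esac
        if [ -z "${nfs_server_flags+set}" ]; then
            echo unknown; exit 0
        fi
        # Word-split the flags as they would be passed to nfsd.
        for flag in $nfs_server_flags; do
            case "$flag" in
                # Conservative: any option word containing "t" counts as TCP,
                # so clustered options such as -ut are caught; this may
                # over-report, which is the safe direction for an audit.
                -*t*) echo tcp; exit 0 ;;
            esac
        done
        echo udp-only
    )
}

# Stand-alone use: sh thisfile /etc/defaults/rc.conf /etc/rc.conf
if [ "$#" -gt 0 ]; then nfs_tcp_status "$@"; fi
```

A result of "unknown" means the effective flags come from a file that was not passed in, so the defaults file should be included before concluding anything.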