H3-2020-0010

NFS UID/GID Manipulation Possible

Description

The NFS service allows UID/GID manipulation from client connections. An attacker can exploit this misconfiguration by creating a local user whose UID/GID matches the UID/GID of the remote file owner, and then accessing files in the shares using that local user. This happens because NFS trusts the client-side UID/GID values without verification, allowing unauthorized users to spoof UID/GID and gain access to restricted files.

Impact

A remote client may be able to access files under the context of another user, and in some cases elevate privileges to system level permissions.

References

• CWE-284: Improper Access Control
• Security and NFS
• MITRE ATT&CK Technique: T1548.001: Abuse Elevation Control Mechanism: Setuid and Setgid