Bug 33254 - TCP/UDP port 4660 for NFS?
TCP/UDP port 4660 for NFS?
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: NFS
UCS 4.2
All Linux
: P5 normal (vote)
: UCS 4.2-1-errata
Assigned To: Philipp Hahn
Jürn Brodersen
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-11-11 15:58 CET by Philipp Hahn
Modified: 2017-08-09 16:57 CEST (History)
1 user (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:
hahn: Patch_Available+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hahn univentionstaff 2013-11-11 15:58:15 CET
debian/univention-nfs-server.postinst
> »··»···ucr set ...
> »··»···»···security/packetfilter/package/univention-nfs/tcp/4660/all="ACCEPT" \
> »··»···»···security/packetfilter/package/univention-nfs/tcp/4660/all/en="NFS" \
> »··»···»···security/packetfilter/package/univention-nfs/udp/4660/all="ACCEPT" \
> »··»···»···security/packetfilter/package/univention-nfs/udp/4660/all/en="NFS" \

Why?
AFAIK that port doesn't have anything to do with NFS.
Comment 1 Philipp Hahn univentionstaff 2013-11-11 16:30:23 CET
Perhaps it was <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484861> = <https://bugzilla.linux-nfs.org/show_bug.cgi?id=177>

Our version of rcp.statd in UCS-3.2 still has that bug:
# rpc.statd -V
rpc.statd version 1.2.2

# ps www `pidof rpc.statd`
  PID TTY      STAT   TIME COMMAND
10657 ?        Ss     0:00 /sbin/rpc.statd --port 32765 --outgoing-port 32766

# lsof -p `pidof rpc.statd` | grep UDP
rpc.statd 10657 statd    5u  IPv4              67650      0t0    UDP *:657 
rpc.statd 10657 statd    7u  IPv4              67661      0t0    UDP *:32765
Comment 2 Stefan Gohmann univentionstaff 2017-06-16 20:36:38 CEST
This issue has been filed against UCS 3. UCS 3 is out of the normal maintenance and many UCS components have vastly changed in UCS 4.

If this issue is still valid, please change the version to a newer UCS version otherwise this issue will be automatically closed in the next weeks.
Comment 3 Philipp Hahn univentionstaff 2017-07-28 15:31:49 CEST
Our version of nfs-utils is new enough to have the "statd -o" bug fixed:

# dpkg-query -W nfs-common
nfs-common      1:1.2.8-9A~4.2.0.201703011138
# rpc.statd -V
rpc.statd version 1.2.8
# ucr search --brief ^version/
version/erratalevel: 118
version/patchlevel: 1
version/releasename: Lesum
version/version: 4.2

services/univention-nfs/debian/univention-nfs-server.postinst still needs fixing.
This is a security vulnerability as nothing is bound to TCP/UDP port 4660, leaving that open to any internal process taking that port.

Patch:
 sed -e '/4660/d' -i services/univention-nfs/debian/univention-nfs-server.postinst
Comment 4 Philipp Hahn univentionstaff 2017-07-31 13:10:25 CEST
r81553 | Bug #33254 NFS: Remove old upgrade code
r81552 | Bug #33254 NFS: Remove port 4660 from firewall

Package: univention-nfs
Version: 9.0.0-3A~4.2.0.201707311304
Branch: ucs_4.2-0
Scope: errata4.2-1

r81561 | Bug #32272,Bug #33254,Bug #45101,Bug #25446 NFS. YAML
Comment 5 Jürn Brodersen univentionstaff 2017-07-31 17:31:12 CEST
What I tested:
ucr variables removed after upgrade -> OK
mount share from master on slave -> read/write -> OK

YAML: OK

-> verified
Comment 6 Arvid Requate univentionstaff 2017-08-09 16:57:15 CEST
<http://errata.software-univention.de/ucs/4.2/130.html>