Skip to main content
NetApp Knowledge Base

Does CVE-1999-1225 affect ONTAP?

  1. Last updated
  2. Save as PDF
Views:
363
Visibility:
Public
Votes:
1
Category:
ontap-9
Specialty:
nas
Last Updated:

Applies to

  • ONTAP 9
  • QID-68519
  • CVE-1999-1225

Answer

 

As per RFC 1813 , ONTAP 9 does respond with the required mountstat3 code. 

  • For a non-existing directory:

# mount nfs1:/test /t
mount.nfs: mounting nfs1:/test failed, reason given by server: No such file or directory

  • For a directory that does exist, but which the user does not have access to:

# mount nfs1:/test2 /t
mount.nfs: access denied by server while mounting nfs1:/test2

Note: As configured above (/ is exported to all hosts with read-only (ro) status), it is possible to determine whether a given exported directory exists or not. 

  • When ro access to / is revoked the response is as follows:

# mount nfs1:/test /t
mount.nfs: access denied by server while mounting nfs1:/test

Note: In this configuration ONTAP no longer confirms the existence of the mount point to an unauthorized user. This would have to be set for new and existing mounts.

Additional Information

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.