PT-2017-13435 · Emc · Emc Isilon Onefs

Published: 2017-12-20 · Updated: 2019-10-03 · CVE-2017-14387

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

EMC Isilon OneFS versions 8.1.0.0

EMC Isilon OneFS versions 8.0.1.0 through 8.0.1.1

EMC Isilon OneFS versions 8.0.0.0 through 8.0.0.4

Description

The issue is in the NFS service in EMC Isilon OneFS, which maintains default NFS export settings, including the NFS export security flavor used for authentication. Because of a flaw, the NFS service did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. This may allow NFS clients to access affected NFS exports using the default and potentially weaker security flavor, even if a more secure one was selected.

Recommendations

For EMC Isilon OneFS version 8.1.0.0, update the default NFS export settings to ensure that changes to the security flavor are properly propagated to all new and existing NFS exports.

For EMC Isilon OneFS versions 8.0.1.0 through 8.0.1.1, manually configure each NFS export to use the desired security flavor, rather than relying on the default settings.

For EMC Isilon OneFS versions 8.0.0.0 through 8.0.0.4, consider disabling the use of default NFS export settings for all NFS exports, and instead configure each export individually with the desired security settings.

Fix


Related Identifiers

CVE-2017-14387

Affected Products

Emc Isilon Onefs