# Port 2049 (NFS)
Tags: UDP, Dangerous, File Transfer
Learn about port 2049 (NFS) - security risks, vulnerabilities, and common uses. Find devices with port 2049 open.
## Quick Info
| Field | Value |
|---|---|
| Port Number | 2049 |
| Protocol | UDP |
| Service | NFS |
| IANA Name | NFS |
## Service Description
Network File System (NFS) operates primarily on port 2049, although earlier versions and related services like portmapper (often using port 111) might be involved in the connection establishment. NFS allows systems to mount file systems over a network and interact with them as if they were locally attached. It enables resource sharing between different operating systems and architectures. The protocol's core function is to provide transparent access to remote files, directories, and other file system objects. NFS has evolved through several versions, with NFSv4 being the most current and widely adopted, incorporating features like stateful operations and improved security.
At a technical level, an NFS client initiates a request to the NFS server, specifying the desired operation (e.g., read, write, create, delete) and the target file or directory. The request is typically encapsulated in an RPC (Remote Procedure Call) message. The server processes the request, performs the necessary file system operations, and returns a response to the client. This response indicates the status of the operation and may include data being read or other relevant information. Earlier versions relied heavily on UDP, but modern implementations predominantly use TCP for enhanced reliability and congestion control. Authentication and authorization mechanisms vary depending on the NFS version and configuration, ranging from simple UID/GID-based access control to more sophisticated systems like Kerberos.
## Firewall Recommendations
NFS traffic on port 2049 should be strictly controlled and only allowed from trusted networks and clients. It's crucial to block access to port 2049 from the public internet. Implement strong authentication mechanisms, such as Kerberos, to prevent unauthorized access. Regularly audit NFS configurations to ensure that only necessary file systems are exported and that export options are properly configured. Keep the NFS server software up to date with the latest security patches to mitigate known vulnerabilities. Consider using a VPN or other secure tunneling solution to encrypt NFS traffic when it traverses untrusted networks. If NFS is not required, disable the service entirely.
## Security Information
NFS, particularly older versions, has historically been a source of security vulnerabilities. One major concern is the potential for unauthorized access to shared file systems. If not properly configured, NFS can allow anyone on the network to mount and access sensitive data. Vulnerabilities can arise from weak authentication mechanisms, misconfigured export options, or bugs in the NFS server software. NFS is often targeted by attackers looking for an easy way to gain access to sensitive data or to exploit vulnerabilities in the NFS server itself. Improper configuration, such as allowing root access from client machines or using insecure authentication methods, significantly increases the risk of compromise. Furthermore, vulnerabilities in RPC implementations, which are often used by NFS, can also be exploited to gain unauthorized access.
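The firewall recommendations and the paragraph above both come down to auditing what is exported and with which options. As an added example written for this page (not code from the original or from any NFS project), the script below parses `/etc/exports` syntax and flags the weaknesses discussed: wildcard clients, `no_root_squash`, `insecure`, and exports that accept AUTH_SYS (client-asserted UID/GID) instead of Kerberos. The exports content is constructed for the demonstration.

```python
import re
from typing import Dict, List

# Constructed sample /etc/exports content (not from a real host).
SAMPLE_EXPORTS = """\
/srv/backup  *(rw,no_root_squash,insecure)
/srv/public  192.168.10.0/24(ro,sync,root_squash)
/home        nfsclient.example.com(rw,sec=krb5p,sync)
/srv/data    10.0.0.5 (rw)
"""

_TOKEN = re.compile(r"([^(]*)(?:\(([^)]*)\))?")  # host[(options)]


def parse_exports(text: str) -> List[Dict]:
    """One entry per (path, client); a bare '(opts)' token, like '*', means every host."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for tok in clients:
            host, opts = _TOKEN.fullmatch(tok).groups()
            entries.append({"path": path, "host": host or "*",
                            "options": [o for o in (opts or "").split(",") if o]})
    return entries


def audit_entry(entry: Dict) -> List[str]:
    """Weaknesses of one export entry; an empty list means nothing was flagged."""
    opts, host, findings = set(entry["options"]), entry["host"], []
    if host.startswith("*"):
        findings.append("wildcard client: any host reaching port 2049 may mount it")
    if "no_root_squash" in opts:
        findings.append("no_root_squash: client root is not mapped to an unprivileged user")
    if "insecure" in opts:
        findings.append("insecure: requests from unprivileged source ports are accepted")
    flavors = {f for o in opts if o.startswith("sec=") for f in o[4:].split(":")}
    if not flavors or "sys" in flavors:  # exportfs defaults to sec=sys
        findings.append("AUTH_SYS accepted: trusts client-asserted UID/GID (prefer sec=krb5p)")
    if "rw" in opts and host.startswith("*"):
        findings.append("read-write export to any host")
    return findings


def audit_exports(text: str) -> Dict[str, List[str]]:
    """Map 'path host' to its findings, omitting entries with no findings."""
    return {f"{e['path']} {e['host']}": f
            for e in parse_exports(text) if (f := audit_entry(e))}
```

Note the last sample line: the space before `(rw)` makes the options apply to every host, not to `10.0.0.5`, which the parser reports as a separate wildcard entry.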
## Known Vulnerabilities
| CVE | Name | Severity | Description |
|---|---|---|---|
| CVE-2018-1002101 | Privilege escalation in Kubernetes NFS volume plugin | High | A vulnerability exists in the Kubernetes NFS volume plugin that could allow a malicious container to escalate privileges. |
| CVE-2017-17741 | Linux kernel: NFS client out-of-bounds read | Medium | The nfs4_proc_layoutreturn function in fs/nfs/nfs4proc.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (system crash) or possibly read sensitive information from kernel memory via a crafted NFSv4 layoutreturn call. |
| CVE-2017-15265 | Linux kernel: NFSv4.1 pNFS use-after-free | Medium | Use-after-free vulnerability in fs/nfs/pnfs.c in the Linux kernel before 4.13.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via crafted NFSv4.1 pNFS operations. |
## Common Software
- NFS Server (Linux)
- NFS Client (Linux)
- NFS Server (Windows Services for UNIX)
- NFS Client (Windows)
- FreeBSD NFS
- Solaris NFS
- macOS NFS Server/Client
- Samba (in some configurations)
- rsync (used for tasks similar to NFS)
- GlusterFS (an NFS alternative for clustered file systems)