CVE-1999-0170

Ultrix - Unauthenticated NFS Access Control Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0170. Includes Metasploit module auxiliary/scanner/nfs/nfsmount.

AI-analyzed exploit summary This Metasploit module scans NFS mounts and their permissions by interacting with the mountd service via SunRPC. It enumerates exported directories and checks if they are mountable, reporting findings without exploiting any vulnerability.

Description

Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list.

Exploits (1)

metasploit SCANNER

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/nfs/nfsmount.rb

View Code ZIP pw:eip

This Metasploit module scans NFS mounts and their permissions by interacting with the mountd service via SunRPC. It enumerates exported directories and checks if they are mountable, reporting findings without exploiting any vulnerability.

Classification

Scanner 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: NFS (Network File System) mountd service

No auth needed

Prerequisites: Network access to the target NFS service (port 2049)

MITRE ATT&CK

T1135 - Network Share Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Various Sources x_refsource_misc

https://www.cve.org/CVERecord?id=CVE-1999-0170

Scores

EPSS 0.1841

EPSS Percentile 96.9%

Details

Status published

Products (1)

digital/ultrix

Published Jan 01, 1997

Tracked Since Feb 18, 2026