nfsbug leaving file systems mounted

[fc () all net (Dr. Frederick B. Cohen)]

The following log (actual site name and spurious information removed)
shows the nfsbug problem I have encountered with file systems left
mounted.  Dispite that claim that nfsbug never actually mounts a file
system, it appears that the remote host believes that the file system
was (and still is) mounted!

BEFORE THE TEST:
========Testing showmount -ade a.b.c.d
a.b.c.d:/var/spool/mail
b.b.c.d:/var/spool/mail
b.b.c.d:/usr/local
c.b.c.d:/var/spool/mail
c.b.c.d:pA
c.b.c.d:/var/spool/mail/msgs
...

THE TEST:
========Trying nfs bug - no handle guessing (takes too long from here)
RPC: Timed out
RPC: Timed out
RPC: Timed out
RPC: Timed out
Connected to NFS mount daemon at a.b.c.d using TCP/IP
Connected to NFS server at a.b.c.d using UDP/IP
Failed: /var/spool/mail: Permission denied
Failed: /var: Permission denied
Failed: /usr: Permission denied
Failed: /usr/local: Permission denied

AFTER THE TEST:
========Testing showmount again
all.net:/usr/local
all.net:/usr
all.net:/var
all.net:/var/spool/mail
a.b.c.d:/var/spool/mail
b.b.c.d:/var/spool/mail
b.b.c.d:/usr/local
c.b.c.d:/var/spool/mail/msgs
c.b.c.d:/var/spool/mail
c.b.c.d:pA
...

This problem seems to occur about 1 in 30 times nfsbug is run (very
approximate).  Could it be that an RPC to dismount failed and some file
systems believe that there was an actual mount? Why does NFSbug not tell
us of the success? At a minimum, it should say something like - I
mounted it, but the dismount calls timed out - this is very dangerous -
no?

FC