[Samba] LDAP NULL BASE Search Access to Samba4

I Am Netizen iamnetizen at gmail.com
Sat Oct 4 10:28:14 MDT 2014

Recently, i scanned my samba4.1 server by Nessus (a vulnerability scanner
tool - http://www.tenable.com/products/nessus)

Nessus says that Samba4 is vulnerable to "LDAP NULL BASE Search Access" as
"The remote LDAP server may disclose sensitive information."

Further it says that - The remote LDAP server supports search requests with
a null, or empty, base object. This allows information to be retrieved
without any prior knowledge of the directory structure. Coupled with a NULL
BIND, an anonymous user may be able to query your LDAP server using a tool
such as 'LdapMiner'.

Here is Nessus Link for this vulnerability -

Can anyone through some light on this?

More information about the samba mailing list