[Samba] LDAP NULL BASE Search Access to Samba4

Harry Jede walk2sun at arcor.de
Sat Oct 4 11:12:46 MDT 2014


On 19:11:06 wrote I Am Netizen:
> Recently, I scanned my samba4.1 server by Nessus (a vulnerability
> scanner tool - http://www.tenable.com/products/nessus)
> 
> Nessus says that Samba4 is vulnerable to "LDAP NULL BASE Search
> Access" as "The remote LDAP server may disclose sensitive
> information."
> 
> Further it says that - The remote LDAP server supports search
> requests with a null, or empty, base object. This allows information
> to be retrieved without any prior knowledge of the directory
> structure. Coupled with a NULL BIND, an anonymous user may be able
> to query your LDAP server using a tool such as 'LdapMiner'.
> 
> Here is Nessus Link for this vulnerability -
> http://www.tenable.com/plugins/index.php?view=single&id=10722
> 
> Can anyone throw some light on this?
You may do it yourself. Just read the next chapter of the above link.

-- 

Regards
	Harry Jede
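
To triage this Nessus finding on your own server, the following added example (not part of the original thread) parses the LDIF returned by a null-base, base-scope search and separates the root DSE attributes defined in RFC 4512 from anything else the server exposes. The sample LDIF, the host names in it and the function names are constructed for illustration.

```python
import base64

# Input: LDIF from an anonymous null-base, base-scope search of your own server,
# e.g. ldapsearch -x -H ldap://<your-server> -b "" -s base -LLL
# Root DSE attributes from RFC 4512 section 5.1, plus subschemaSubentry (4.2).
RFC4512_ROOT_DSE = {a.lower() for a in (
    "altServer", "namingContexts", "supportedControl", "supportedExtension",
    "supportedFeatures", "supportedLDAPVersion", "supportedSASLMechanisms",
    "subschemaSubentry")}

# Constructed sample output (not captured from a real server).
SAMPLE = """\
dn:
namingContexts: DC=example,DC=test
supportedLDAPVersion: 2
supportedLDAPVersion: 3
supportedSASLMechanisms: GSSAPI
dnsHostName: dc1.exam
 ple.test
serverName:: Q049REMx
"""

def parse_ldif_entry(text):
    """Parse one LDIF entry into {attr: [values]}, unfolding continuation
    lines and decoding base64 ('attr:: ...') values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]           # folded line continues the previous one
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):          # base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(attr, []).append(value.strip())
    return entry

def triage_null_base(text):
    """Split a null-base result into RFC 4512 root DSE attributes and
    everything else (server-specific data to review for sensitivity)."""
    entry = parse_ldif_entry(text)
    dn = entry.pop("dn", [""])[0]
    standard = sorted(a for a in entry if a.lower() in RFC4512_ROOT_DSE)
    other = sorted(a for a in entry if a.lower() not in RFC4512_ROOT_DSE)
    return {"is_root_dse": dn == "", "standard": standard, "other": other}
```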

