[Samba] LDAP NULL BASE Search Access to Samba4

itsaheb itsaheb at gmail.com
Tue Feb 9 14:59:11 UTC 2016


Hello Team,

I'm also facing the same issue. Nessus says that Samba4 is vulnerable to
"LDAP NULL BASE Search Access" and "LDAP Crafted Search Request Server
Information Disclosure".

Can you please guide me on how to use the bind null attribute in the smb.conf file?

I'm using Samba4.3

Regards,
ITSaheb



2014-10-04 22:42 GMT+05:30 Harry Jede <walk2sun at arcor.de>:

> On 19:11:06 wrote I Am Netizen:
> > Recently, I scanned my samba4.1 server by Nessus (a vulnerability
> > scanner tool - http://www.tenable.com/products/nessus)
> >
> > Nessus says that Samba4 is vulnerable to "LDAP NULL BASE Search
> > Access" as "The remote LDAP server may disclose sensitive
> > information."
> >
> > Further it says that - The remote LDAP server supports search
> > requests with a null, or empty, base object. This allows information
> > to be retrieved without any prior knowledge of the directory
> > structure. Coupled with a NULL BIND, an anonymous user may be able
> > to query your LDAP server using a tool such as 'LdapMiner'.
> >
> > Here is Nessus Link for this vulnerability -
> > http://www.tenable.com/plugins/index.php?view=single&id=10722
> >
> > Can anyone throw some light on this?
> You may do it yourself. Just read the next chapter of the above link.
>
> --
>
> Regards
>         Harry Jede


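Added example, not part of the original thread: the Nessus text quoted above describes a search with an empty base object over an anonymous bind. This Python sketch triages the LDIF such a search returns, separating the root DSE (the entry with the empty DN) from any directory entries that were readable without authentication. The sample LDIF, the function names and every name in the data are constructed for illustration.

```python
import base64

# Constructed sample: LDIF from an anonymous search. All names are made up.
SAMPLE_LDIF = """\
dn:
namingContexts: DC=example,DC=test
dnsHostName: dc1.example.test

dn: CN=Alice,CN=Users,DC=example,DC=test
sAMAccountName: alice
description:: Y29uc3RydWN0ZWQ=
mail: alice@example.te
 st
"""

def parse_ldif(text):
    """Return [(dn, {attr: [values]})] from LDIF text."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]            # unfold a continuation line
        elif not raw.startswith("#"):       # skip LDIF comments
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line:
            if dn is not None:              # blocks without a dn are not entries
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):            # "attr:: value" is base64
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return entries

def triage(entries):
    # The root DSE is the entry whose DN is empty; everything else is directory data.
    root_dse = next((a for dn, a in entries if dn == ""), {})
    exposed = [(dn, sorted(a)) for dn, a in entries if dn != ""]
    return root_dse, exposed

if __name__ == "__main__":
    root_dse, exposed = triage(parse_ldif(SAMPLE_LDIF))
    print("root DSE attributes:", sorted(root_dse))
    print("entries readable without a bind:", exposed)
```

To use it on real data, replace `SAMPLE_LDIF` with LDIF saved from an unauthenticated query against your own server. An empty `exposed` list means only the root DSE was returned.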