On 19:11:06 wrote I Am Netizen:
> Recently, I scanned my samba4.1 server by Nessus (a vulnerability
> scanner tool - tenable.com/products/nessus)
>
> Nessus says that Samba4 is vulnerable to "LDAP NULL BASE Search
> Access" as "The remote LDAP server may disclose sensitive
> information."
>
> Further it says that - The remote LDAP server supports search
> requests with a null, or empty, base object. This allows information
> to be retrieved without any prior knowledge of the directory
> structure. Coupled with a NULL BIND, an anonymous user may be able
> to query your LDAP server using a tool such as 'LdapMiner'.
>
> Here is Nessus Link for this vulnerability -
> tenable.com/plugins/index.php?view=single&id=10722
>
> Can anyone throw some light on this?
You may do it yourself. Just read the next chapter of the above link.
--
Regards
Harry Jede
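
Added example, not part of the original messages: a small triage helper for the finding quoted above. It takes the LDIF text an anonymous, empty-base search against your own server returned and reports which layout-revealing attributes were disclosed. The sample LDIF, the `STRUCTURE_ATTRS` selection and the function names are assumptions made for this illustration.

```python
import base64

# Constructed sample, not real server output: LDIF for the rootDSE (empty DN).
SAMPLE_LDIF = """\
dn:
namingContexts: DC=example,DC=test
namingContexts: CN=Configuration,DC=example,DC=test
dnsHostName: dc1.example.test
supportedLDAPVersion: 3
"""

# Assumption: rootDSE attributes treated here as revealing directory layout.
STRUCTURE_ATTRS = {"namingcontexts", "defaultnamingcontext", "dnshostname"}

def parse_ldif(text):
    """Parse simple LDIF into a list of (dn, {attr: [values]}) tuples."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded line continues the previous one
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):          # skip comment lines
            lines.append(raw)
    entries, current = [], None
    for line in lines + [""]:                  # trailing blank flushes the last entry
        if not line.strip():
            if current is not None:
                entries.append(current)
            current = None
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):              # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        if attr.lower() == "dn":
            current = (value, {})
        elif current is not None:
            current[1].setdefault(attr.lower(), []).append(value)
    return entries

def triage(text):
    """Summarise what an anonymous empty-base search disclosed."""
    entries = parse_ldif(text)
    root = [attrs for dn, attrs in entries if dn == ""]
    disclosed = {name: attrs[name] for attrs in root
                 for name in sorted(STRUCTURE_ATTRS.intersection(attrs))}
    return {"rootdse_readable": bool(root),
            "structure_attrs": disclosed,
            "non_root_entries": [dn for dn, _ in entries if dn]}
```

A non-empty `non_root_entries` list means the anonymous bind returned directory entries beyond the rootDSE, which is the case to review first.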