Recently, I scanned my samba4.1 server with Nessus (a vulnerability scanner tool - http://www.tenable.com/products/nessus).

Nessus says that Samba4 is vulnerable to "LDAP NULL BASE Search Access" as "The remote LDAP server may disclose sensitive information."

Further it says that - The remote LDAP server supports search requests with a null, or empty, base object. This allows information to be retrieved without any prior knowledge of the directory structure. Coupled with a NULL BIND, an anonymous user may be able to query your LDAP server using a tool such as 'LdapMiner'.

Here is the Nessus link for this vulnerability - http://www.tenable.com/plugins/index.php?view=single&id=10722

Can anyone throw some light on this?

On 19:11:06 wrote I Am Netizen:
> Recently, I scanned my samba4.1 server with Nessus (a vulnerability
> scanner tool - http://www.tenable.com/products/nessus).
>
> Nessus says that Samba4 is vulnerable to "LDAP NULL BASE Search
> Access" as "The remote LDAP server may disclose sensitive
> information."
>
> Further it says that - The remote LDAP server supports search
> requests with a null, or empty, base object. This allows information
> to be retrieved without any prior knowledge of the directory
> structure. Coupled with a NULL BIND, an anonymous user may be able
> to query your LDAP server using a tool such as 'LdapMiner'.
>
> Here is the Nessus link for this vulnerability -
> http://www.tenable.com/plugins/index.php?view=single&id=10722
>
> Can anyone throw some light on this?

You may do it yourself. Just read the next chapter of the above link.

--
Regards
Harry Jede
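
The probe that the quoted Nessus text describes (a NULL BIND followed by a search with an empty base object), written out as LDAPv3 BER with a small decoder that lists which attributes a reply discloses. This is an added example, not part of the original thread; the function names and the sample reply are constructed for illustration, and the search uses scope baseObject, which reads the root DSE.

```python
def tlv(tag, value=b""):
    """BER tag-length-value with a definite length."""
    n = len(value)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + value

def message(msg_id, op):
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + op)

def null_bind(msg_id=1):
    # BindRequest [APPLICATION 0]: version 3, empty DN, empty simple password
    return message(msg_id, tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04) + tlv(0x80)))

def null_base_search(msg_id=2):
    # SearchRequest [APPLICATION 3]: base "", scope baseObject, (objectClass=*)
    body = (tlv(0x04) + tlv(0x0A, b"\x00") + tlv(0x0A, b"\x00")
            + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") + tlv(0x01, b"\x00")
            + tlv(0x87, b"objectClass") + tlv(0x30))
    return message(msg_id, tlv(0x63, body))

def read_tlvs(buf):
    """Yield (tag, value) for each TLV laid end to end in buf."""
    i = 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long form: low 7 bits give the number of length bytes
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        yield tag, buf[i:i + n]
        i += n

def summarize(reply):
    """Return (resultCode, attribute names disclosed) for a search reply."""
    code, attrs = None, []
    for _, msg in read_tlvs(reply):
        op, body = list(read_tlvs(msg))[1]  # element 0 is the messageID
        fields = list(read_tlvs(body))
        if op == 0x64:    # SearchResultEntry: objectName, then attribute list
            attrs += [next(read_tlvs(a))[1].decode() for _, a in read_tlvs(fields[1][1])]
        elif op == 0x65:  # SearchResultDone: resultCode is the first field
            code = int.from_bytes(fields[0][1], "big")
    return code, attrs

# Constructed reply: root DSE entry exposing namingContexts, then success (0)
_attr = tlv(0x30, tlv(0x04, b"namingContexts") + tlv(0x31, tlv(0x04, b"DC=example,DC=com")))
SAMPLE_REPLY = (message(2, tlv(0x64, tlv(0x04) + tlv(0x30, _attr)))
                + message(2, tlv(0x65, tlv(0x0A, b"\x00") + tlv(0x04) + tlv(0x04))))
```

A reply with resultCode 0 and a non-empty attribute list is what the scanner reports as the finding; the attribute names show what the server actually hands to an unauthenticated client.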