Question on null bind and base
Where I work our security folks routinely scan the servers for
vulnerabilities with a vended security scanning product. On my LDAP
server, the following "vulnerabilities" were detected:
LDAP anonymous access to directory (severity medium)
----------------------------------------------------
The NULL bind entry allows a user to access the LDAP directory
anonymously. An attacker could take advantage of the NULL bind
entry to anonymously view files on the LDAP directory
Fix:
----
Disable the NULL bind entry or control the entry with Access
Control Lists (ACLs).
LDAP null base returns information (severity medium)
----------------------------------------------------
If LDAP allows a NULL base in an LDAP search, a user can submit
a search that returns information on namingContexts and supported
controls. An attacker could use this information to access directory
listings and plan further attacks.
Fix:
----
Set up an access list control to prevent users from dumping the
base of the tree or issuing a request without knowing the base
object.
Queries to the scanner vendor for more details were answered with
"sorry, that's proprietary information".
I'm not sure these make any sense. What sort of ACL do I need to
disable the NULL bind entry? I tried the following:
access to dn=".*,dc=iu,dc=edu" by users read
access to * by dn="" none
And the vulnerability is still reported. With regard to the second warning,
to be able to support SASL authentication, don't base attributes such as
"supportedSASLMechanisms" have to be available?
Puzzled,
Allan
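The two scanner findings above are easiest to understand by reproducing them. The following is an added example (not part of Allan's message and not from any scanner vendor): a small pure-Python LDAPv3 client that hand-encodes the BER for an anonymous simple bind (empty name, empty password, the "NULL bind") and for a base-scope search with an empty base DN (the "null base" search), then decodes the replies. It runs offline against a constructed, permissive stand-in server whose root DSE contents (the dc=example,dc=com naming context and the mechanism list) are made up for the demo; `tcp_exchange` is the same code pointed at a real socket.

```python
"""Reproduce the scanner's two checks: an anonymous ("NULL") simple bind and
a base-object search with an empty base DN. BER/LDAPv3 per RFC 4511 is
hand-rolled so the example has no dependency on python-ldap."""
import socket

SEQUENCE, INTEGER, OCTET_STRING, ENUMERATED, BOOLEAN, SET = 0x30, 0x02, 0x04, 0x0A, 0x01, 0x31
BIND_REQUEST, BIND_RESPONSE = 0x60, 0x61            # [APPLICATION 0] / [APPLICATION 1]
SEARCH_REQUEST, SEARCH_ENTRY, SEARCH_DONE = 0x63, 0x64, 0x65

def tlv(tag, content):
    """Encode one BER tag-length-value (short or long-form length)."""
    n = len(content)
    if n < 128:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content

def ber_int(tag, value):
    return tlv(tag, value.to_bytes(1, "big"))   # all integers used here are < 128

def ldap_message(msg_id, op):
    return tlv(SEQUENCE, ber_int(INTEGER, msg_id) + op)

def anonymous_bind_request(msg_id=1):
    # version 3, empty DN, empty simple credentials [0]: this is the NULL bind
    return ldap_message(msg_id, tlv(BIND_REQUEST,
        ber_int(INTEGER, 3) + tlv(OCTET_STRING, b"") + tlv(0x80, b"")))

def null_base_search_request(msg_id, attrs):
    # base "", scope baseObject(0), derefAliases never(0), no size/time limit,
    # typesOnly FALSE, filter (objectClass=*) encoded as 'present' [7]
    body = (tlv(OCTET_STRING, b"") + ber_int(ENUMERATED, 0) + ber_int(ENUMERATED, 0)
            + ber_int(INTEGER, 0) + ber_int(INTEGER, 0) + tlv(BOOLEAN, b"\x00")
            + tlv(0x87, b"objectClass")
            + tlv(SEQUENCE, b"".join(tlv(OCTET_STRING, a.encode()) for a in attrs)))
    return ldap_message(msg_id, tlv(SEARCH_REQUEST, body))

def ber_read(data, pos=0):
    """Decode one TLV at pos; returns (tag, content, position after it)."""
    tag, first = data[pos], data[pos + 1]
    pos += 2
    length = first
    if first & 0x80:                                # long-form length
        n = first & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], pos + length

def ber_children(content):
    out, pos = [], 0
    while pos < len(content):
        tag, val, pos = ber_read(content, pos)
        out.append((tag, val))
    return out

def parse_message(data):
    """Return (msg_id, op_tag, op_content, bytes_consumed) of the first LDAPMessage."""
    _, content, end = ber_read(data)
    (_, mid), (op_tag, op) = ber_children(content)[:2]
    return int.from_bytes(mid, "big"), op_tag, op, end

def parse_result_code(op):                          # LDAPResult.resultCode
    return int.from_bytes(ber_children(op)[0][1], "big")

def parse_search_entry(op):                         # SearchResultEntry -> (dn, {attr: [vals]})
    (_, dn), (_, attrs) = ber_children(op)[:2]
    result = {}
    for _, attr in ber_children(attrs):
        (_, name), (_, vals) = ber_children(attr)
        result[name.decode()] = [v.decode() for _, v in ber_children(vals)]
    return dn.decode(), result

def probe(exchange, attrs=("namingContexts", "supportedSASLMechanisms")):
    """exchange(request_bytes) -> response bytes. Returns (bind_result_code, entries).
    bind_result_code 0 means the server accepted the NULL bind; entries is what
    the null-base search returned (the root DSE, if readable)."""
    _, tag, op, _ = parse_message(exchange(anonymous_bind_request(1)))
    assert tag == BIND_RESPONSE
    bind_code = parse_result_code(op)
    data, entries = exchange(null_base_search_request(2, attrs)), []
    while data:
        _, tag, op, used = parse_message(data)
        data = data[used:]
        if tag == SEARCH_ENTRY:
            entries.append(parse_search_entry(op))
        elif tag == SEARCH_DONE:
            break
    return bind_code, entries

def tcp_exchange(host, port=389, timeout=5.0):
    """Live transport: sends one request and collects replies up to the
    BindResponse / SearchResultDone that ends the operation."""
    sock = socket.create_connection((host, port), timeout)
    def exchange(request):
        sock.sendall(request)
        buf = b""
        while True:
            chunk = sock.recv(65536)
            if not chunk:
                raise ConnectionError("server closed the connection")
            buf, pos = buf + chunk, 0
            while pos < len(buf):
                try:
                    _, tag, _, used = parse_message(buf[pos:])
                except (IndexError, ValueError):    # incomplete message: read more
                    break
                if pos + used > len(buf):
                    break
                pos += used
                if tag in (BIND_RESPONSE, SEARCH_DONE):
                    return buf[:pos]
    return exchange

def constructed_server(request):
    """Stand-in for a permissive slapd (constructed for this demo, not a capture):
    accepts the NULL bind and answers the null-base search with a made-up root DSE."""
    msg_id, tag, _, _ = parse_message(request)
    ok = ber_int(ENUMERATED, 0) + tlv(OCTET_STRING, b"") + tlv(OCTET_STRING, b"")  # success
    if tag == BIND_REQUEST:
        return ldap_message(msg_id, tlv(BIND_RESPONSE, ok))
    def attr(name, *vals):
        return tlv(SEQUENCE, tlv(OCTET_STRING, name)
                   + tlv(SET, b"".join(tlv(OCTET_STRING, v) for v in vals)))
    entry = tlv(SEARCH_ENTRY, tlv(OCTET_STRING, b"") + tlv(SEQUENCE,
        attr(b"namingContexts", b"dc=example,dc=com")
        + attr(b"supportedSASLMechanisms", b"DIGEST-MD5", b"GSSAPI")))
    return ldap_message(msg_id, entry) + ldap_message(msg_id, tlv(SEARCH_DONE, ok))

if __name__ == "__main__":
    print(probe(constructed_server))   # swap in tcp_exchange("ldap.example.org") for a live host
```

From the command line the same null-base search is `ldapsearch -x -b "" -s base namingContexts supportedSASLMechanisms`. What the probe shows is that the two findings are independent: the bind result code tells you whether anonymous simple binds are accepted at all (in OpenLDAP 2.1 and later, `disallow bind_anon` in slapd.conf refuses them outright), while the root DSE search is governed by the ACL on the empty DN, which the OpenLDAP admin guide keeps world-readable with `access to dn.base="" by * read` precisely because SASL clients read supportedSASLMechanisms from it before they can authenticate.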