MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » May 2013

RE: LDAP null base search



fixed

It came from a Nessus scan our data security officer runs monthly. Flagged as a Medium level threat

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Roger Harman
Sent: Tuesday, May 14, 2013 2:19 AM
To: 'Midrange Systems Technical Discussion'
Subject: RE: LDAP null base search

Is it really a vulnerability? The link you provided states that a null base search is required on a V3 LDAP. The docs that I looked at from IBM note that IBM-i implements V3 of LDAP.

http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=%2Frza
hy%2Frzahyconcepts.htm



-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Mike Cunningham
Sent: Monday, May 13, 2013 7:33 PM
To: Midrange Systems Technical Discussion
Subject: LDAP null base search

http://www.tenable.com/plugins/index.php?view=single&id=10722

Our i Server was tagged as having a security issue due to allowing an LDAP null base search. I have been trying to find some reference to how to close this hole but coming up blank on google searches. I got a few hits but nothing about how to turn it off. Has anyone else hit this and know how to close it?

Mike Cunningham




--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.








Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact