Re: LDAP null base search -- MIDRANGE-L

It is a minor vulnerability as it potentially exposes information about
your environment that may be useful to an attacker. It doesn't grant
access but may make an attack easier.

However, it is also just the server working as designed; the vulnerability
is baked into the spec.

If you don't use LDAP, turn it off (ditto for all services; they can't be
exploited if they aren't running).
If you don't do client authentication to the i (intraserver only), block
LDAP at the network boundary between the user & i's LAN segments.
If disabling the null requests won't break your environment (needs
testing!), disable that feature. This may be possible on the i via a
configuration change; if not, a network appliance like a content-aware
firewall or an intrusion prevention system (IPS) can drop null requests.

On Tue, May 14, 2013 at 7:15 AM, Mike Cunningham <mike.cunningham@xxxxxxx>wrote:

It came from a Nessus scan our data security officer runs monthly. Flagged
as a Medium level threat

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:
midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Roger Harman
Sent: Tuesday, May 14, 2013 2:19 AM
To: 'Midrange Systems Technical Discussion'
Subject: RE: LDAP null base search

Is it really a vulnerability? The link you provided states that a null
base search is required on a V3 LDAP. The docs that I looked at from IBM
note that IBM-i implements V3 of LDAP.

http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=%2Frza
hy%2Frzahyconcepts.htm

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Mike Cunningham
Sent: Monday, May 13, 2013 7:33 PM
To: Midrange Systems Technical Discussion
Subject: LDAP null base search

http://www.tenable.com/plugins/index.php?view=single&id=10722

Our i Server was tagged as having a security issue due to allowing an LDAP
null base search. I have been trying to find some reference to how to close
this hole but coming up blank on google searches. I got a few hits but
nothing about how to turn it off. Has anyone else hit this and know how to
close it?

Mike Cunningham

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.