Ru-Board.club
← Вернуться в раздел «Microsoft Windows»

» NULL BASE на Windows Server 2003

Автор: VovaMozg
Дата сообщения: 21.07.2005 05:58
Люди, опдскажите, пожалуйста, что такое NULL BASE на Windows Server 2003 и с чем его едят... Если можно, то как его отключить?И вообще можно ли???И нужно?
Автор: Cheery
Дата сообщения: 21.07.2005 06:18
Мне все же кажется, что это относится к OpenLDAP на линухе.

Цитата:
> Improperly configured LDAP servers will allow the directory BASE
> to be set to NULL. This allows information to be
> culled without any prior knowledge of the directory
> structure. Coupled with a NULL BIND, an anonymous
> user can query your LDAP server using a tool such
> as ?LdapMiner?
>
> Solution: Disable NULL BASE queries on your LDAP server
> Risk factor : Medium
>
> I have disabled NULL binds but can't find any documentation outlining
> how to "Disable NULL BASE queries" on this server. Anyone have any
> ideas? We want to be able to use OpenLDAP but if I can't figure this
> problem out we may need to use another product.

ACLs:

access to dn.exact=""
by users read
by * none

replace "read" with whatever permissions you want users
to have on the rootDSE, and "users" with whatever stricter
set of non-anonymous users you want. Note that this
partially defeats the purpose of a directory server,
because only clients that know what naming context this
DSA is serving will be able to use it. I'd rather leave
the rootDSE readable by anonymous and protect entries from
anonymous data mining, unless even the overhead resulting
from potential data mining is a concern.

хотя..

Цитата:
Warning ldap (389/tcp)
Improperly configured LDAP servers will allow any user to connect to the
server and query for information.

Solution: Disable NULL BIND on your LDAP server

In addition, the LDAP bind function in Exchange 5.5 has a buffer overflow
that allows a user to conduct a denial of service or execute commands in all
versions prior to Exchange server SP2. Coupled with a NULL BIND, an
anonymous user can mount a remote attack against your server.

Note: no test was done to see what version of Exchange server is running,
nor attempt to verify the service pack.

Solution: see http://www.microsoft.com/technet/security/bulletin/ms99-009.mspx
Risk factor: Medium
CVE : CVE-1999-0385
BID : 503
Nessus ID : 10723


Warning ldap (389/tcp)
Improperly configured LDAP servers will allow the directory BASE
to be set to NULL. This allows information to be
culled without any prior knowledge of the directory
structure. Coupled with a NULL BIND, an anonymous
user can query your LDAP server using a tool such
as 'LdapMiner'

Solution: Disable NULL BASE queries on your LDAP server

Risk factor : Medium
Nessus ID : 10722
Автор: VovaMozg
Дата сообщения: 21.07.2005 06:35
Эээ. Я так понимаю, оно вообще в, в принципе-то и не нужно? Можно отключить? а как? закрыть 389 порт? а на нём больше ничего важного не висит? На серваке у меня висит:
DNS, DHCP, WINS, AD ну и конечно же шары всякие... ничего не затронет?

Страницы: 1

Предыдущая тема: Windows XP - не удается залогиниться


Форум Ru-Board.club — поднят 15-09-2016 числа. Цель - сохранить наследие старого Ru-Board, истории становления российского интернета. Сделано для людей.