[Plugins-writers] ldap_null_bind.nasl (10723)

From: Jackson, Dennis (Dennis.Jackson@private)
Date: Wed Dec 03 2003 - 05:42:22 PST


    I think the description for ldap_null_bind.nasl script_id(10723) needs
    modifying.
    
    If I have understood ....
    
    There is (was) a buffer overflow vulnerability in the LDAP service with
    Exchange 5.5. Exploiting this vulnerability required two things: (a) that
    the patch pointed to by Microsoft Bulletin MS99-009 had not been applied,
    and (b) the ability to successfully bind to the LDAP server.
    
    If the LDAP server allows null (or anonymous) binds then the vulnerability
    could be exploited by anyone. If null binds are not allowed then the
    vulnerability could only be exploited by authenticated users.
    
    Alternatively, the vulnerability could be removed by applying the patch
    referenced in MS99-009.
    
    ldap_null_bind.nasl merely checks for the LDAP null bind yet reports on the
    buffer overflow.
    
    
    
    Is this a better description for ldap_null_bind.nasl?
    - - - -
    Improperly configured LDAP servers will allow any user to connect to the
    server and query for information.
    
    Solution: Disable NULL BIND on your LDAP server
    
    In addition, the LDAP bind function in Exchange 5.5 has a buffer overflow
    that allows a user to conduct a denial of service or execute commands in all
    versions prior to Exchange server SP2. Coupled with a NULL BIND, an
    anonymous user can mount a remote attack against your server.
    
    Note: no test was done to see what version of Exchange server is running,
    nor was any attempt made to verify the service pack.
    
    Solution: see
    http://www.microsoft.com/technet/security/bulletin/ms99-009.asp
    
    Risk factor: Medium
    
    



    This archive was generated by hypermail 2b30 : Wed Dec 03 2003 - 05:43:46 PST
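
The separation the message asks for, as an added example that is not part of the original post or of the Nessus plugin: it classifies a server's reply to an anonymous LDAPv3 bind and reports the Exchange 5.5 overflow as untested rather than inferring it from the bind result. The function names and both sample responses are constructed for illustration; result code 48 is inappropriateAuthentication in RFC 4511.

```python
# Added example: classify a server's reply to an anonymous LDAP bind.
# All byte strings below are constructed samples, not captured traffic.

def read_tlv(buf, pos):
    """Read one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def anonymous_bind_request(message_id=1):
    """LDAPv3 simple bind, empty name and empty password (message_id 0..127)."""
    op = b"\x02\x01\x03" + b"\x04\x00" + b"\x80\x00"  # version 3, name "", simple ""
    body = b"\x02\x01" + bytes([message_id]) + b"\x60" + bytes([len(op)]) + op
    return b"\x30" + bytes([len(body)]) + body

def bind_result_code(response):
    """Return the resultCode of a BindResponse, or raise ValueError."""
    tag, msg, _ = read_tlv(response, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(msg, 0)            # skip messageID
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x61:                         # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    tag, code, _ = read_tlv(op, 0)
    if tag != 0x0A or not code:             # ENUMERATED resultCode
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big")

def findings(response):
    """Report only what was actually tested: the null bind."""
    accepted = bind_result_code(response) == 0
    return {"null_bind": "accepted" if accepted else "refused",
            "exchange_5_5_bind_overflow": "not tested"}

SAMPLE_ACCEPT = bytes.fromhex("300c02010161070a010004000400")  # resultCode 0
SAMPLE_REFUSE = bytes.fromhex("300c02010161070a013004000400")  # resultCode 48
```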