On Tue, 16 Mar 2004, Redmond Militante wrote:

> hi
> we ran nessus against our windows 2000 active directory domain controller.  it found
>
> Vulnerability
> ldap (389/tcp)
>
> improperly configured LDAP servers will allow any user to connect to the
> server and query for information.
>
>
> the solution was: Disable NULL BASE queries on your LDAP server
>
>
> nessus also referenced the MS knowledge base link
> at http://www.microsoft.com/technet/security/bulletin/ms99-009.mspx
>
> this vulnerability seems specific to MS Exchange prior to SP2.

nah, the vulnerability can be found in a default install of just about any
LDAP server.

> what specific configuration can you do to a windows 2000 active directory
> domain controller to get rid of this particular nessus error message?
> what exactly is a 'NULL bind', and does this issue even pertain to a
> windows 2000 server that is not running MS Exchange?
> if so, what is the fix for this problem if you're not running MS Exchange?

This is the 2nd time this week that I've heard this question...I'm not
sure what the answer is, but I'll look around for it....

John Lampe
jwlampe -at- nessus.org
http://f00dikator.aceryder.com/

_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
