Hello,
I've updated the NASL script to be more verbose.
Especially it tells about the ldapsearch command, so you
can easily copy & paste it and try it on command shell.
The script is not deocumented in the way that it
explains why it is an Security Hole.
The text says, it shows the information that can be pulled from the ldap,
but in fact it is truncated and only the first couple of bytes are shown in the
report.
Any LDAP experts around? ;-)
Best
Jan
On Freitag, 13. März 2009, Michael Meyer wrote:
> *** Chandrashekhar B <[email protected]> wrote:
> > I have seen the plugin, it is not doing error checking before calling to
> > report. Even if the pread or ldapsearch fails, it reports. We don't have
> > LDAP setup right now, if you can give me the error response string for a
> > failed ldapsearch, we could update the plugin.
>
> http://leto.net/docs/ldap_error_code.php
>
> m...@schlepp:~>ldapsearch -x -D "cn=foo,o=bla" -h $LDAP_HOST_EXIST
> ldap_bind: Server is unwilling to perform (53)
> additional info: unauthenticated bind (DN with no password) disallowed
>
> m...@schlepp:~> ldapsearch -x -h $LDAP_HOST_NOT_EXIST
> ldap_bind: Can't contact LDAP server (-1)
>
> m...@schlepp:~> ldapsearch -x -D "cn=admin,o=bla" -w wrong_pass -h
> $LDAP_HOST_EXIST
> ldap_bind: Invalid credentials (49)
>
> m...@schlepp:~> ldapsearch -x -h $LDAP_HOST_EXIST
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 32 No such object
>
> # numResponses: 1
--
Dr. Jan-Oliver Wagner | ++49-541-335083-0 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-plugins mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
