LDAP allows anonymous binds

Newsgroup: microsoft.public.windows.server.security
Posted by Neil on September 8, 2005, 9:01 am
This is a vulnerability that I wanted to get rid of on a couple of servers, and I
tried reading the article. It looks like it is more of an Exchange violation.
But we have 2 DNS servers and 2 DCs which have these violations. Kind of
confused about what to do. Any ideas? I have more info below in regard to this
violation.


LDAP allows anonymous binds
Check for LDAP null bind

Improperly configured LDAP servers will allow any user to connect to the
server and query for information.

Solution: Disable NULL BIND on your LDAP server

In addition, the LDAP bind function in Exchange 5.5 has a buffer overflow
that allows a user to conduct a denial of service or execute commands in all
versions prior to Exchange server SP2. Coupled with a NULL BIND, an
anonymous user can mount a remote attack against your server.

Note: no test was done to see which version of Exchange Server is running,
nor was any attempt made to verify the service pack.

Solution: see http://www.microsoft.com/technet/security/bulletin/ms99-009.mspx
Risk factor: Medium



Posted by Joe Richards [MVP] on September 8, 2005, 5:09 pm
AD DCs must have anonymous bind capability to the RootDSE as it is an RFC item
for LDAPv3. Once you are bound anonymously, the level of info available isn't
generally that great unless someone has really opened up security.

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net




Posted by Roger Abell [MVP] on September 8, 2005, 6:45 pm
Keep in mind that some ldap services do not implement granular
security on the directory service's content, but AD does. Binding
is one thing, successfully querying depends on permissions beyond
the requirements to bind.




