[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] LDAP NULL Bind being picked up, making non PCI compliant

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] LDAP NULL Bind being picked up, making non PCI compliant
From: Jason Nada <j.crider@xxxxxxxx>
Date: Wed, 1 Sep 2010 10:30:55 -0400

We recently ran a scan against our exchange servers and got the error that our 
server was vulnerable to an LDAP NULL BIND overflow. This vulnerability is now 
making out network uncomplient to PCI and are having trouble with a way to fix 
the problem.
 
I know we can't deny or shut up down LDAP as it is needed by RootDSE, but we 
need to find a fix or way to stop the LDAP from being picked up as vulnerable. 
The server is runing Windows 2008, and from what I read is that Win 2008 will 
show the server as vulnerable but, doesn't really pose any kind of threat? Is 
this true? Any information will help! Thanks!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] LDAP NULL Bind being picked up, making non PCI compliant
  - From: Valdis . Kletnieks

Prev by Date: [Full-disclosure] [SecurityArchitect-008]: Xterm Local Buffer Overflow Vulnerability
Next by Date: Re: [Full-disclosure] Online Binary Planting Exposure Test
Previous by thread: [Full-disclosure] [SecurityArchitect-008]: Xterm Local Buffer Overflow Vulnerability
Next by thread: Re: [Full-disclosure] LDAP NULL Bind being picked up, making non PCI compliant
Index(es):
- Date
- Thread