Is it really a vulnerability? The link you provided states that a null base
search is required on a V3 LDAP. The docs that I looked at from IBM note
that IBM-i implements V3 of LDAP.
http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=%2Frza
hy%2Frzahyconcepts.htm
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Mike Cunningham
Sent: Monday, May 13, 2013 7:33 PM
To: Midrange Systems Technical Discussion
Subject: LDAP null base search
http://www.tenable.com/plugins/index.php?view=single&id=10722
Our i Server was tagged as having a security issue due to allowing an LDAP
null base search. I have been trying to find some reference to how to close
this hole but coming up blank on google searches. I got a few hits but
nothing about how to turn it off. Has anyone else hit this and know how to
close it?
Mike Cunningham
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at
http://archive.midrange.com/midrange-l.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
