
List:       openvas-plugins
Subject:    Re: [Openvas-plugins] OpenVAS plugin for ldap
From:       "Chandrashekhar B" <bchandra () secpod ! com>
Date:       2009-03-20 7:13:24
Message-ID: BF78FA6C71244B018F5041DA849BFC73 () bchandra


We have updated ldapsearch.nasl to fix the false reporting and also
downgraded the severity. The general response might change according to the LDAP
server used; any testing feedback is appreciated.

Thanks,
Chandra. 

-----Original Message-----
From: openvas-plugins-bounces@wald.intevation.org
[mailto:openvas-plugins-bounces@wald.intevation.org] On Behalf Of Michael
Meyer
Sent: Monday, March 16, 2009 8:51 PM
To: openvas-plugins@wald.intevation.org
Subject: Re: [Openvas-plugins] OpenVAS plugin for ldap

*** Jan-Oliver Wagner <jan-oliver.wagner@intevation.de> wrote:
> On Friday, 13 March 2009, Michael Meyer wrote:
> > *** Jan-Oliver Wagner <jan-oliver.wagner@intevation.de> wrote:
> > > The script is not documented in the way that it
> > > explains why it is a Security Hole.
> > > The text says, it shows the information that can be pulled from the ldap,
> > > but in fact it is truncated and only the first couple of bytes are shown in the
> > > report.
> > > 
> > > Any LDAP experts around? ;-)
> > 
> > http://markmail.org/message/ry5kkd6mrpzgzj42
> > http://www.openldap.org/lists/openldap-software/200605/msg00191.html
> > http://kuerzer.de/hf3OS3QpP
> > http://kuerzer.de/gR18v5O9j
> > http://www.mail-archive.com/nessus@list.nessus.org/msg17819.html
> 
> seems we should downgrade the severity of this finding ?

IMHO, yes. 

Moreover, this plugin should be revised so that it produces fewer
false positives. Currently, the plugin only determines whether there is
*any* output from ldapsearch. If so, the plugin reports a security
problem. Also if there were messages like "Could not Connect".

Micha
_______________________________________________
Openvas-plugins mailing list
Openvas-plugins@wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
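Michael's point above, that the plugin reports a problem on *any* ldapsearch output, is the root of the false positives. As an added illustration (this is not the ldapsearch.nasl code or any other OpenVAS code), the Python below classifies OpenLDAP-style ldapsearch output into "directory entries actually disclosed" versus client or server errors, so a "Could not Connect"-style failure or a refused anonymous bind is never reported as a finding. The three sample outputs are constructed for the example, not captured from a real server, and the exact error strings assume the output format of OpenLDAP's command-line client.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample outputs (not captured from any real host), in the shape
# OpenLDAP's ldapsearch prints. These are the three cases a checker must tell apart.
SAMPLE_DISCLOSURE = """\
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# example.com
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
dc: example

# people, example.com
dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2
"""

# Client-side failure: nothing was learned about the directory at all.
SAMPLE_CONNECT_FAIL = "ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)\n"

# Server answered but refused the anonymous search: also not a disclosure.
SAMPLE_BIND_REFUSED = """\
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 48 Inappropriate authentication
text: anonymous bind disallowed

# numResponses: 1
"""

# "dn:" (or base64 "dn::") lines mark returned entries; "# base <...>" comments do not.
ENTRY_RE = re.compile(r"^dn::?\s*(\S.*)$", re.MULTILINE)
# The LDAP result code the server sent back for the search operation.
RESULT_RE = re.compile(r"^result:\s*(\d+)\s*(.*)$", re.MULTILINE)
# Client-library errors such as "ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)".
CLIENT_ERR_RE = re.compile(r"^ldap_\w+(?:\([^)]*\))?:\s*(.*)$", re.MULTILINE)


@dataclass
class LdapSearchVerdict:
    disclosed: bool            # True only when the server actually returned entries
    entries: List[str]         # DNs of the entries that came back
    result_code: Optional[int] # LDAP result code, or None if no result line was seen
    reason: str                # human-readable explanation for the report


def classify_ldapsearch_output(text: str) -> LdapSearchVerdict:
    """Decide whether ldapsearch output proves anonymous read access."""
    entries = ENTRY_RE.findall(text)
    result = RESULT_RE.search(text)
    code = int(result.group(1)) if result else None
    client_err = CLIENT_ERR_RE.search(text)

    if entries:
        # Entries came back: that is the disclosure, whatever the final code
        # (e.g. a size-limit code still means data was handed out).
        return LdapSearchVerdict(True, entries, code,
                                 "anonymous search returned %d entries" % len(entries))
    if client_err:
        return LdapSearchVerdict(False, [], code, "client error: " + client_err.group(1))
    if code not in (None, 0):
        return LdapSearchVerdict(False, [], code,
                                 "server refused: %d %s" % (code, result.group(2)))
    return LdapSearchVerdict(False, [], code, "search succeeded but returned no entries")


def summarize(verdict: LdapSearchVerdict) -> str:
    """Report text listing the DNs, instead of a truncated dump of raw output."""
    if not verdict.disclosed:
        return "no finding (" + verdict.reason + ")"
    return verdict.reason + ":\n" + "\n".join("  " + dn for dn in verdict.entries)


if __name__ == "__main__":
    for sample in (SAMPLE_DISCLOSURE, SAMPLE_CONNECT_FAIL, SAMPLE_BIND_REFUSED):
        print(summarize(classify_ldapsearch_output(sample)))
        print("---")
```

Only the first sample yields a finding; the connection failure and the refused bind both come back with `disclosed` false and a reason the report can quote. Listing the returned DNs in `summarize` also addresses Jan-Oliver's remark that the existing report only shows the first few bytes of the output.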
