PCI Vulnerability Reports LDAP NULL BIND ENABLED

I'm running a PCI compliance report on Windows 2008 R2 and the report fails.
The error summary points to LDAP NULL BIND being enabled. I thought LDAP NULL BIND was disabled by default.
How can I test for LDAP NULL BIND being disabled?
How can I disable LDAP NULL BIND?
Thanks for your help

Please start by reading that: http://support.microsoft.com/kb/837964/en-us
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
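
One way to answer the "how can I test" question above, as an added example that is not from the original thread or from Microsoft: a standard-library Python probe that sends an LDAPv3 anonymous simple bind (empty DN, empty password) and then base-scope searches against the rootDSE and against a naming context, so the result separates "anonymous bind and rootDSE allowed" from "directory data readable without credentials". The host name and base DN are supplied by the operator, and all function names are this example's own.

```python
import socket, sys

def tlv(tag, payload):
    n = len(payload)
    if n < 0x80:                             # short-form length
        return bytes([tag, n]) + payload
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + payload

def ber_int(value, tag=0x02):
    return tlv(tag, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def anonymous_bind(msg_id):
    # BindRequest [APPLICATION 0]: version 3, empty DN, simple auth with empty password
    op = tlv(0x60, ber_int(3) + tlv(0x04, b"") + tlv(0x80, b""))
    return tlv(0x30, ber_int(msg_id) + op)

def base_search(msg_id, base_dn):
    # SearchRequest [APPLICATION 3]: scope=base, deref=never, no size/time limit,
    # typesOnly=FALSE, filter (objectClass=*), attribute list "1.1" (no attributes)
    op = tlv(0x63, tlv(0x04, base_dn.encode()) + ber_int(0, 0x0A) + ber_int(0, 0x0A)
             + ber_int(0) + ber_int(0) + tlv(0x01, b"\x00")
             + tlv(0x87, b"objectClass") + tlv(0x30, tlv(0x04, b"1.1")))
    return tlv(0x30, ber_int(msg_id) + op)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV that starts at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits = count of length bytes
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + length], pos + length

def parse_message(msg):
    """Return (protocolOp tag, resultCode or None) for one LDAPMessage."""
    _, body, _ = read_tlv(msg)
    _, _, pos = read_tlv(body)               # skip messageID
    op_tag, op, _ = read_tlv(body, pos)
    if op_tag in (0x61, 0x65):               # BindResponse, SearchResultDone
        return op_tag, int.from_bytes(read_tlv(op)[1], "big")
    return op_tag, None

def recv_message(f):
    head = f.read(2)
    if len(head) < 2:
        raise ConnectionError("server closed the connection")
    if head[1] & 0x80:                       # long-form length
        head += f.read(head[1] & 0x7F)
        return head + f.read(int.from_bytes(head[2:], "big"))
    return head + f.read(head[1])

def exchange(f, request):
    """Send one request; return (entries seen, resultCode of the final response)."""
    f.write(request)
    f.flush()
    entries = 0
    while True:
        tag, rc = parse_message(recv_message(f))
        if tag == 0x64:                      # SearchResultEntry
            entries += 1
        elif rc is not None:                 # BindResponse or SearchResultDone
            return entries, rc

def assess(bind_rc, rootdse, data):
    if data[0] > 0:
        return "EXPOSED: directory data readable without credentials"
    if bind_rc == 0:
        return "anonymous bind accepted; rootDSE entries %d; directory data not readable (search resultCode %d)" % (rootdse[0], data[1])
    return "anonymous bind refused (resultCode %d)" % bind_rc

def probe(host, base_dn, port=389, timeout=5.0):
    with socket.create_connection((host, port), timeout=timeout) as s, s.makefile("rwb") as f:
        bind_rc = exchange(f, anonymous_bind(1))[1]
        rootdse = exchange(f, base_search(2, ""))
        data = exchange(f, base_search(3, base_dn))
    return assess(bind_rc, rootdse, data)

if __name__ == "__main__":
    print(probe(sys.argv[1], sys.argv[2]))  # args: server host, base DN (operator-supplied)
```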

Similar Messages

  • Configure the Iplanet Directory server 5.0 not to allow NULL BINDs.

    How can I restrict connections from users without authentication, via a 'Null Bind'? What I can see in the access log is a user connecting with BIND DN="", which I don't want. Is there any way to overcome this?

    Recall my first reply:
    In iPlanet DS 5.0 (and several other LDAP servers), there is no way to totally disable anonymous binds.
    You are never going to get that message to disappear when running that tool against iPlanet DS 5.0.
    But, if it's any comfort, that particular piece of advice it's giving you is pretty silly.
    The claim that an anonymously-readable rootDSE equates to "improper configuration" is DAFT.
    I suggest you stop paying attention to this software, and begin planning your upgrade to newer LDAP server software.
    (Incidentally, some newer LDAP servers do allow you to disable anonymous binds, but I would still advise you to ignore that audit tool, and just decide for yourself what policies make the most sense for your case).

  • Not null and enable or disable  column in tabular form

    Hi,
    Using apex version 4.1 and working on tabular form.
    ACT_COA_SEGMENT_MAS is Master table
    and
    ACT_SEGMENT_VALUES_MAS is detail table
    I have entered 8 rows in the master table, and PARENT_SEGMENT_ID is a column in the master table which is nullable. If I specify PARENT_SEGMENT_ID with a value in the master table, then in the detail table there is a column PARENT_ID that should be not null and enabled.
    How can I enable or disable the column, so that when the PARENT_SEGMENT_ID column in the master table is null the PARENT_ID column in the detail table is disabled, and vice versa?
    I have created a tabular form on the detail table. Before inserting into the tabular form, check the first entry in the master table: if PARENT_SEGMENT_ID is not null in the first row of the master table, then in the tabular form PARENT_ID should be enabled and not nullable for the lines corresponding to this first row's id.
    The same check should apply to the second row in the master table: if PARENT_SEGMENT_ID is not null, then rows entered with PARENT_ID into the tabular form corresponding to the 2nd id in the master table should be not nullable and the column should be enabled in the tabular form.
    Thanks & Regards
    Vedant
    Edited by: Vedant on Jan 9, 2013 9:12 PM

    Vedant,
    You need to create your own manual tabular form and not use the wizard.
    Using the APEX_ITEM API you should be able to build your own form, and you will be able to control how you want to display the rows. (See Apex Item Help: http://docs.oracle.com/cd/E37097_01/doc/doc.42/e35127/apex_item.htm#CACEEEJE)
    select case when PRIMARY_TABLE_COLUMN is null
                then APEX_ITEM.DISPLAY_AND_SAVE(3, DETAIL_COLUMN)
                else APEX_ITEM.TEXT(2, detail_column)
           end "ALIAS"
    from detail table
    Hope that helps.
    Vivek

  • Is there a way to create SQL Dev reports with validated binds?

    Is there a way to create SQL Dev reports with validated binds similar to the way user defined extensions can have <prompts> with a <value> that is a SQL statement returning a list of possible values?
    This sure would make selecting appropriate values for binds in reports easier and less error prone.

    Maybe a forum search on "Windows registry" would turn up some useful things. You're not the first to ask this. You might save yourself and everyone else some time if you'd simply do that.

  • NULL binds with dbms_xmlgen - exception raised

    Hi, I am using the following code extract to get an xml string
    xmlCtx := dbms_xmlgen.newContext(l_sql_str);
    dbms_xmlgen.setNullHandling(xmlCtx, dbms_xmlgen.empty_tag);
    dbms_xmlgen.setbindvalue(xmlCtx,'RUN_ID', p_run_id);
    dbms_xmlgen.getxml(xmlCtx, l_output_xml);
    The above code generates ORA-19202 and ORA-01008 "Not all variables bound" errors when I attempt to bind NULL values. Is anyone aware of any issues relating to NULL binds with dbms_xmlgen? I have attempted to substitute -1 for NULLs, which seems to work OK.
    Steve Macleod
    Oracle Database 10g Enterprise Edition Release 10.1.0.5.0 - 64bi
    PL/SQL Release 10.1.0.5.0 - Production

    ORA-01008 "Not all variables bound"
    Are you sure you have the bind :RUN_ID in your statement?
    The NULL value should cause no problem:
    SQL> declare
       xmlCtx    integer;
       l_sql_str long := 'select :RUN_ID RUN_ID from dual';
       p_run_id  integer;
    begin
       xmlCtx := dbms_xmlgen.newContext (l_sql_str);
       dbms_xmlgen.setNullHandling (xmlCtx, dbms_xmlgen.empty_tag);
       dbms_xmlgen.setbindvalue (xmlCtx, 'RUN_ID', p_run_id);
       dbms_output.put_line (dbms_xmlgen.getxml (xmlCtx));
    end;
    <?xml version="1.0"?>
    <ROWSET>
    <ROW>
      <RUN_ID/>
    </ROW>
    </ROWSET>
    PL/SQL procedure successfully completed.

  • LDAP Authenticated Bind

    I have been looking for documentation on LDAP authenticated bind, except there is very little and the stuff that is there doesn't go into any detail. I was able to get authenticated binds to work properly but I wanted to ensure that it was all done correctly.
    I found that the users that you are authenticating have to be in the same OU as the service account that you are using to perform the authenticated bind. For example you have an OU called Wireless. users1, user2 and a service account called WiSA are all in this OU. You can authenticate users1 and user2, but no users out of any other OU.
    Is this really all there is? There appears to be no ability to do memberOf which really limits what you can do with this.
    I am running 6.0.182.0. Any thoughts??

    You can use users in another location for authenticated binding of LDAP; in that case, when writing the username you should give the entire path instead of just the username.
    For example: you should specify the username as cn=user,ou=cisco,ou=wireless,dc=com.
    If both your client authentication username and bind username are in the same location, then you can just specify the username and the controller will pick the path from the LDAP config.
    I hope I answered your question.

  • 7940 Vulnerability Report

    Hi,
    We have received a vulnerability report for 7940 IP Phones with VM QID -- 86175.
    Please suggest how to overcome this VM.
    Currently we are running firmware P0030801SR02 for 7940 IP Phones. Please suggest whether upgrading the firmware will overcome this issue.

    Hi,
    Pls find the details below of qualys guard...
    Qualys ID (QID):86175
    QID Title:Web Server/ Web Application Vulnerable to Cross-Site Scripting Attacks..
    Generic Solution:Any Web application on the server may be affected by this vulnerability. To prevent cross-site scripting attacks from occurring, web developers should use static pages whenever possible and sanitize input / output.The following vendors provided a patches at the web server level. See below for a list of patches for some specific Web servers. If this information does not apply to your Web server, contact your Web server vendor. If your web server does not support filtering please have your web developers resolve this issue at the application level.
    This issue is fixed in Sun ONE / iPlanet Web Server 4.1 Service Pack 12 and above. The latest service pack is available for download from Sun ONE Web Server Enterprise Edition 4.1 Service Pack 13 (http://wwws.sun.com/software/download/products/3f8472da.html).
    For Microsoft IIS 4/5/5.1, apply the cumulative patch described in Microsoft Security Bulletin MS02-018 (http://www.microsoft.com/technet/security/bulletin/MS02-018.mspx). No additional service packs are planned for Windows NT 4.0. IIS 5.0 fixes will be included in Windows 2000 Service Pack 3. IIS 5.1 fixes will be included in Windows XP Service Pack 1.
    Lotus Domino had this issue with Domino R5 Web server. Check the Lotus advisory SPR# JCHN4V2HUY (http://www-01.ibm.com/support/docview.wss?uid=sim490a14be07fdb479385256ad800739c35).
    For IBM Websphere, please refer to websphere-faultactor-xss (30055) (http://xforce.iss.net/xforce/xfdb/30055).
     For Web Applications:  If your Web application is vulnerable, please check with the web application vendor for further details.
    Patch:
    Following are links for downloading patches to fix the vulnerabilities:
      Web Server (Sun ONE / iPlanet Web Server 4.1 Service Pack 12) (http://wwws.sun.com/software/download/products/3f8472da.html)
      Web Server: Windows (IIS 4.0, 5.0, 5.1) (http://www.microsoft.com/technet/security/bulletin/MS02-018.mspx)
      Web Server (Lotus Domio) (http://www-1.ibm.com/support/docview.wss?rs=463&q1=1098216&uid=swg21098216&loc=en_US&cs=utf-8&lang=en+en)

  • Cannot Set URL For Report Server SSL Binding In SSRS 2008R2

    Hi,
    I have an SSL certificate that has a number of subject alternate names and I need the SSL binding for the report server and the report manager to be against one of these names, not the certificate name.
    However, while it is possible to set the host header for a non-SSL identity and therefore control the URL reserved, it does not seem possible to set this for an SSL identity - the edit dialogue box simply generates the URL when you choose the certificate from the dropdown box.
    How do I set the URL for a report server SSL binding?
    Cheers
    Dan

    Hi Charlie,
    You are correct, I am configuring SSL connections on a native mode report server and I want to configure a custom URL for it.
    However, my issue is not that I cannot see the certificate - it is that I cannot set a custom URL for SSL connections. Apologies, I should have written up an example of what I am seeing:-
    I have installed a certificate for a.company.com. It shows up fine in the certificate list/dropdown for configuring the web service URL SSL certificate.
    I can set a host header for non-SSL traffic for a.company.com and the binding succeeds. I can also set an SSL identity in the same Advanced Multiple Web Site Configuration window for a.company.com and this also binds correctly.
    However, the certificate is like a wildcard in that it supports 4 more URLs in its subject alternate name property. I would like to set an SSL identity for b.company.com which is one of those entries.
    As an aside, the certificate is also installed in IIS and succeeds in binding to b.company.com. I mention this as it shows that the certificate appears to be installed correctly and is working in its wildcard-like capacity.
    I can also successfully set a host header for b.company.com for the report server for non-SSL traffic. It is b.company.com that I would like to host the report server and manager under.
    The issue I have is that if I try to add an SSL identity for the report server web service for b.company.com using the Advanced Multiple Web Site Configuration window, there is no editable box for URL and so it does not allow me to set the URL/host header - it therefore always binds to a.company.com.
    I have scoured the boards for answers and there have been a couple of mentions, but neither has worked for me.
    This one talks about adding the required https://b.company.com/reportserver to the rsreportserver.config file and the OP describes the issue pretty much exactly as I am experiencing, plus the responder talks about this guidance as coming from MS support - however when I followed the steps the result is the same as without the configuration:-
    http://www.sql-server-performance.com/forum/threads/ssrs-2008-host-headers-and-ssl.28571/
    Another suggestion (for which I have lost the link) was to amend the URL config in that file directly and add the required entry. Both posters claim it has worked for them so I am sure that using a wildcard certificate with SSRS does work! I think in my case I am missing some extra steps as it is fine to amend the config file directly, but I don't think this actually kicks off the SSL/URL binding process which is what the dialogue window does.
    Hope this helps in explaining further. I am sure this is resolvable as I cannot believe the only option for SSRS is to bind to a single domain name and ignore the other wildcard/alternate options.
    Cheers
    Dan

  • LDAP client binding failure stops TimerTask thread

    Hi There,
    I try to schedule a TimerTask once LDAP binding fails, but the binding failure prevents the TimerTask thread from starting. Any idea? Or any workaround?
    Thanks.
    try {
        ctx = new InitialLdapContext(envs[ctx_idx], null);
    } catch (NamingException ne) {
        start(); // schedule the monitor task when the bind fails
    }

    public static void start() {
        timer = new Timer();
        timer.schedule(new TimerTask() {
            public void run() {
                System.out.println(".... Visit moniter ....");
            }
        }, 10, 1000);
    } // end of start
    ...

    Problem fixed. The Windows XP client did not have the WINS server IP address in its TCP/IP properties.

  • IOS Vulnerability reported by nessus

    Hi,
    I have a customer that has run a nessus vulnerability scan, and it reports that there is a dos risk on his 3750, even though the nessus report relates to winterm thin clients.
    Quote:
    It was possible to crash the remote host by sending a specially crafted IP packet with a null length for IP option #0xE4
    Risk Factor : High
    CVE : CVE-2005-2577
    BID : 7175, 14536
    I am relatively new to security and have been unable to find any reference to this threat. Any help would be greatly appreciated.
    Thanks

    Hi,
    Thanks for the reply. The switch didn't crash; he is just worried that it could, though all the info I can find relates to thin clients also. He is just very worried as this unit is acting right at his core for layer 3 on a major part of his network.
    The IOS concerned is c3750-ipservices-mz.122-25.SEB4, but I can't see any bug on this that relates to altered packets.

  • Report Performance with Bind Variable

    Getting some very odd behaviour with a report in APEX v 3.2.1.00.10
    I have a complex query that takes 5 seconds to return via TOAD, but takes from 5 to 10 minutes in an APEX report.
    I've narrowed it down to one particular bind. If I hard code the date in it returns in 6 seconds, but if I let the date be passed in from a parameter it takes 5+ minutes again.
    Relevant part of the query (an inline view) is:
    ,(select rglr_lect lect
    ,sum(tpm) mtr_tpm
    ,sum(enrols) mtr_enrols
    from ops_dash_meetings_report
    where meet_ev_date between to_date(:P35_END_DATE,'DD/MM/YYYY') - 363 and to_date(:P35_END_DATE,'DD/MM/YYYY')
    group by rglr_lect) RPV
    I've tried replacing the "to_date(:P35_END_DATE,'DD/MM/YYYY') - 363" with another item which is populated with the date required (and verified by checking session state). If I replace the :P35_END_DATE with an actual date the performance is fine again.
    The weird thing is that a trace file shows me exactly the same Explain Plan as the TOAD Explain where it runs in 5 seconds.
    Another odd thing is that another page in my application has the same inline view and doesn't hit the performance problem.
    The trace file did show some control characters (circumflex M) after each line of this report's query where these weren't anywhere else on the trace queries. I wondered if there was some sort of corruption in the source?
    No problems due to pagination as the result set is only 31 records and all being displayed.
    Really stumped here. Any advice or pointers would be most welcome.
    Jon.

    Don't worry about the Time column, the cost and cardinality are more important to see whether the CBO is making different decisions for whatever reason.
    Remember that the explain plan shows the expected execution plan and a trace shows the actual execution plan. So what you want to do is compare the query with bind variables from an APEX page trace to a trace from TOAD (or sqlplus or whatever). You can do this outside APEX like this...
    ALTER SESSION SET EVENTS '10046 trace name context forever, level 1';
    Enter and run your SQL statement...;
    ALTER SESSION SET sql_trace=FALSE;
    This will create a trace file in the directory returned by...
    SELECT value FROM v$parameter WHERE name = 'user_dump_dest'
    Which you can use tkprof to format.
    I am assuming that you're not going over DB links or anything else slightly unusual?
    Cheers
    Ben

  • Discoverer Report showing Null VS Show SQL query showing results !!!

    I created a simple Cross Tab Discoverer report from a custom SQL which has a calculation for balances. The output is giving all null values even though there are balances. The output doesn't seem right. So I copied the query from Tools-->Show SQL and ran the query in the TOAD where I'm showing balances for the report. I don't understand why it is not showing in the discoverer. Please help.
    Thanks
    Edited by: PA1B on Jan 27, 2010 11:40 AM

    Sorry for late reply.
    Below is the Show SQL query. I don't think the query is application dependent. C_1 is my calculation.
    SELECT o279709.SEGMENT3 as E279727,
           o279709.SEGMENT4 as E279728,
           CASE WHEN o279709.CURRENCY_CODE = 'USD' AND o279709.TRANSLATED_FLAG <> 'Y' THEN SUM(o279709.ENDING_BAL) ELSE 0 END as C_1,
           GROUPING_ID(o279709.CURRENCY_CODE,o279709.SEGMENT3,o279709.SEGMENT4,o279709.TRANSLATED_FLAG) as GID
    FROM ( --Foreign Entity USD Balances
      SELECT B.SEGMENT1,
             B.SEGMENT2,
             B.SEGMENT3,
             (select distinct substr(cat.COMPILED_VALUE_ATTRIBUTES,5,1) from apps.fnd_flex_values cat
              where FLEX_VALUE_SET_ID = (select bat.FLEX_VALUE_SET_ID from apps.fnd_id_flex_structures_vl aat, apps.fnd_id_flex_segments_vl bat
                                         where bat.id_flex_code = 'GL#' and
                                               bat.id_flex_code = aat.id_flex_code and
                                               aat.APPLICATION_ID = bat.APPLICATION_ID and
                                               aat.APPLICATION_ID = 101 and
                                               bat.SEGMENT_NAME = 'Prime Account' and
                                               aat.id_flex_num = bat.id_flex_num
                                               and bat.id_flex_num in (select distinct chart_of_accounts_id from apps.gl_code_combinations gat
                                                                       where gat.code_combination_id = A.code_combination_id))
              and cat.flex_value = b.segment3) ACCT_TYPE ,
             B.SEGMENT4,
             B.SEGMENT5,
             B.SEGMENT6,
             B.SEGMENT7,
             B.SEGMENT8,
             B.SEGMENT9,
             B.SEGMENT10,
             B.SEGMENT11,
             B.SEGMENT12,
             B.SEGMENT13,
             C.NAME,
             A.SET_OF_BOOKS_ID,
             A.CURRENCY_CODE,A.TRANSLATED_FLAG,
             SUM(NVL(A.BEGIN_BALANCE_DR,0) - NVL(A.BEGIN_BALANCE_CR,0)) BEG_BAL,
             SUM(NVL(A.PERIOD_NET_DR,0)) DEBITS,
             SUM( NVL(A.PERIOD_NET_CR,0)) CREDITS ,
             A.PERIOD_NAME,
             SUM(NVL(A.BEGIN_BALANCE_DR,0) - NVL(A.BEGIN_BALANCE_CR,0))+ SUM(NVL(A.PERIOD_NET_DR,0) - NVL(A.PERIOD_NET_CR,0)) ENDING_BAL
      FROM   APPS.GL_BALANCES A ,
             APPS.GL_CODE_COMBINATIONS B,
             APPS.GL_SETS_OF_BOOKS     C
      WHERE  A.CODE_COMBINATION_ID = B.CODE_COMBINATION_ID
      --AND  A.PERIOD_NAME = 'SEP-09'
      AND    C.SET_OF_BOOKS_ID = A.SET_OF_BOOKS_ID
      --AND  A.TRANSLATED_FLAG <> 'Y'
      --AND  B.SEGMENT1 = '83101'
      --AND  B.SEGMENT3 = '14602'
      --AND  A.SET_OF_BOOKS_ID = 77
      --AND  A.CURRENCY_CODE = 'USD'
      GROUP BY A.CODE_COMBINATION_ID,
             B.SEGMENT1,
             B.SEGMENT2,
             B.SEGMENT3,
             B.SEGMENT4,
             B.SEGMENT5,
             B.SEGMENT6,
             B.SEGMENT7,
             B.SEGMENT8,
             B.SEGMENT9,
             B.SEGMENT10,
             B.SEGMENT11,
             B.SEGMENT12,
             B.SEGMENT13,
             A.CURRENCY_CODE,
             A.TRANSLATED_FLAG,
             C.NAME,A.PERIOD_NAME,
             A.SET_OF_BOOKS_ID
    ) o279709
    WHERE (o279709.PERIOD_NAME = 'DEC-09')
    AND (o279709.SET_OF_BOOKS_ID <> 72)
    AND (o279709.SEGMENT12 = '000')
    AND (o279709.SEGMENT3 IN ('10101','10301','10502','12001'))
    AND (o279709.SEGMENT1 IN ('82901','82902','82903','83001','83003','83201'))
    GROUP BY GROUPING SETS(( o279709.CURRENCY_CODE,o279709.SEGMENT3,o279709.SEGMENT4,o279709.TRANSLATED_FLAG ),( o279709.SEGMENT3,o279709.SEGMENT4 ),( o279709.SEGMENT3 ))
    HAVING (GROUP_ID()=0)
    ORDER BY GID DESC;
    Thanks,
    PA1
    Edited by: PA1B on Jan 29, 2010 12:50 PM

  • Discoverer report showing null instead blank

    hi,
    I am running a report from Discoverer and it is showing null instead of blank. Do I need to check something in the pref.txt file in Oracle 9i?
    regards
    kumar


  • Crosstab report with null or wrong totals

    I have a crosstab report that, when I put a field in an item report area and set <all> for values, gives null values, and with other fields I get wrong results (less than I wait). If there's no report item, it returns the correct results.
    I have checked the SQL and it does not return any null value.
    I believe that the crosstab tries to aggregate and sum the null values of the empty cells in my crosstab.
    Does anyone know how to fix it?
    I'm using Discoverer 10g Desktop.

    can you send your xml data and template to [email protected]

  • Script or query to generate a report of null or not null columns

    I need a script/query it should pick up all the tables from user_tab_columns and produce a report for all the tables which are the columns are null and not null.

    As long as the columns were defined as NOT NULL on table create, or ALTERed NOT NULL, you can do this:
    SQL> CREATE TABLE t (id NUMBER NOT NULL, descr VARCHAR2(10));
    Table created.
    SQL> SELECT column_name, table_name, nullable
      2  FROM user_tab_columns
      3  WHERE table_name = 'T';
    COLUMN_NAME                    TABLE_NAME                     N
    ID                             T                              N
    DESCR                          T                              Y
    SQL> ALTER TABLE t modify (descr NOT NULL);
    Table altered.
    SQL> SELECT column_name, table_name, nullable
      2  FROM user_tab_columns
      3  WHERE table_name = 'T';
    COLUMN_NAME                    TABLE_NAME                     N
    ID                             T                              N
    DESCR                          T                              N
    Note that if you do:
    ALTER TABLE t ADD CONSTRAINT id_nn CHECK (id IS NOT NULL);
    then the nullable column in xxx_tab_columns will remain as Y.
    HTH
    John
