Our vulnerability scanner has found below vulnerability with the Univention 4.4.1 version. I have tried to fix with available options but none of them are working. Please have a look & let me know if you can suggest any fixes for these issues.
1 #### DNS Server Zone Transfer Information Disclosure (AXFR)
What is the solution for this if samba4 is used for dns/backend. I have modified UCR variable dns/allow/transfer but it’s not working
2 #### DNS Server Cache Snooping Remote Information Disclosure
How to fix recursive queries with Bind/Samba4 DNS ?
3 #### Microsoft Windows SMB NULL Session Authentication
Modied UCR values to below but the vulnerbility is still there
samba/map_to_guest = Never
samba/usershare/allow_guests = no
samba/guest_ok = no
4 #### SSL Certificate Cannot Be Trusted & Self Signed
The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :
|-Subject : C=IN/ST=IN/L=IN/O=IN/OU=Univention Corporate Server/CN=Univention Corporate Server Root CA (ID=…0eljw…)/Efirstname.lastname@example.org