Executive Summary
Summary | |
---|---|
Title | Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695) |
Information | |||
---|---|---|---|
Name | MS08-059 | First vendor Publication | 2008-10-14 |
Vendor | Microsoft | Last vendor Modification | 2008-10-29 |
Severity (Vendor) | Critical | Revision | 1.2 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Revision Note: V1.2 (October 29, 2008): Corrected the impact of the workaround that deals with disabling the SNA RPC Service.

Summary: This security update resolves a privately reported vulnerability in Microsoft Host Integration Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted Remote Procedure Call (RPC) request to an affected system. Customers who follow best practices and configure the SNA RPC service account to have fewer user rights on the system could be less impacted than customers who configure the SNA RPC service account to have administrative user rights.
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS08-059.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-287 | Improper Authentication |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6075 | |||
Oval ID: | oval:org.mitre.oval:def:6075 | ||
Title: | HIS Command Execution Vulnerability | ||
Description: | Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-3466 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Microsoft Host Integration Server 2000 Microsoft Host Integration Server 2004 Client Microsoft Host Integration Server 2004 Microsoft Host Integration Server 2006 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 | |
Application | 3 | |
Application | 2 |
SAINT Exploits
Description | Link |
---|---|
Microsoft Host Integration Server SNA RPC authentication bypass | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2008-10-15 | Name : Host Integration Server RPC Service Remote Code Execution Vulnerability (956695) File : nvt/secpod_ms08-059_900049.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
49068 | Microsoft Host Integration Server (HIS) SNA RPC Request Remote Overflow: An overflow exists in Host Integration Server. The RPC interface fails to validate SNA RPC messages resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2008-10-16 | IAVM : 2008-B-0074 - Microsoft Host Integration Server RPC Service Remote Code Execution Vulnerabi... Severity : Category I - VMSKEY : V0017794 |
Snort® IPS/IDS
Date | Description |
---|---|
2015-05-28 | DCERPC NCACN-IP-TCP host-integration little endian bind attempt RuleID : 14740 - Revision : 5 - Type : NETBIOS |
2015-05-28 | DCERPC NCACN-IP-TCP host-integration bind attempt RuleID : 14739 - Revision : 5 - Type : NETBIOS |
2015-05-28 | DCERPC NCACN-IP-TCP host-integration little endian alter context attempt RuleID : 14738 - Revision : 5 - Type : NETBIOS |
2014-01-10 | DCERPC NCACN-IP-TCP host-integration bind attempt RuleID : 14737 - Revision : 15 - Type : OS-WINDOWS |
Metasploit Database
Date | Description |
---|---|
2008-10-14 | Microsoft Host Integration Server 2006 Command Execution Vulnerability |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-10-15 | Name : Arbitrary code can be executed on the remote host through Host Integration Se... File : smb_kb956695.nasl - Type : ACT_GATHER_INFO |
2008-10-15 | Name : Arbitrary code can be executed on the remote host through Host Integration Se... File : smb_nt_ms08-059.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2020-05-23 13:17:12 | |
2015-05-28 21:26:34 | |
2014-02-17 11:46:04 | |
2014-01-19 21:30:15 | |
2013-11-11 12:41:09 | |
2013-05-11 00:49:22 | |