Executive Summary
| Summary | |
|---|---|
| Title | Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695) |
| Informations | |||
|---|---|---|---|
| Name | MS08-059 | First vendor Publication | 2008-10-14 |
| Vendor | Microsoft | Last vendor Modification | 2008-10-29 |
| Severity (Vendor) | Critical | Revision | 1.2 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Revision Note: V1.2 (October 29, 2008): Corrected the impact of the workaround that deals with disabling the SNA RPC Service. Summary: This security update resolves a privately reported vulnerability in Microsoft Host Integration Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted Remote Procedure Call (RPC) request to an affected system. Customers who follow best practices and configure the SNA RPC service account to have fewer user rights on the system could be less impacted than customers who configure the SNA RPC service account to have administrative user rights. |
Original Source
| Url : http://www.microsoft.com/technet/security/bulletin/MS08-059.mspx |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-287 | Improper Authentication |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:6075 | |||
| Oval ID: | oval:org.mitre.oval:def:6075 | ||
| Title: | HIS Command Execution Vulnerability | ||
| Description: | Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-3466 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Microsoft Host Integration Server 2000 Microsoft Host Integration Server 2004 Client Microsoft Host Integration Server 2004 Microsoft Host Integration Server 2006 |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 | |
| Application | 3 | |
| Application | 2 |
SAINT Exploits
| Description | Link |
|---|---|
| Microsoft Host Integration Server SNA RPC authentication bypass | More info here |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-10-15 | Name : Host Integration Server RPC Service Remote Code Execution Vulnerability (956695) File : nvt/secpod_ms08-059_900049.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 49068 | Microsoft Host Integration Server (HIS) SNA RPC Request Remote Overflow An overflow exists in Host Integration Server. The RPC interface fails to validate SNA RPC messages resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2008-10-16 | IAVM : 2008-B-0074 - Microsoft Host Integration Server RPC Service Remote Code Execution Vulnerabi... Severity : Category I - VMSKEY : V0017794 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2015-05-28 | DCERPC NCACN-IP-TCP host-integration little endian bind attempt RuleID : 14740 - Revision : 5 - Type : NETBIOS |
| 2015-05-28 | DCERPC NCACN-IP-TCP host-integration bind attempt RuleID : 14739 - Revision : 5 - Type : NETBIOS |
| 2015-05-28 | DCERPC NCACN-IP-TCP host-integration little endian alter context attempt RuleID : 14738 - Revision : 5 - Type : NETBIOS |
| 2014-01-10 | DCERPC NCACN-IP-TCP host-integration bind attempt RuleID : 14737 - Revision : 15 - Type : OS-WINDOWS |
Metasploit Database
| id | Description |
|---|---|
| 2008-10-14 | Microsoft Host Integration Server 2006 Command Execution Vulnerability |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2008-10-15 | Name : Arbitrary code can be executed on the remote host through Host Integration Se... File : smb_kb956695.nasl - Type : ACT_GATHER_INFO |
| 2008-10-15 | Name : Arbitrary code can be executed on the remote host through Host Integration Se... File : smb_nt_ms08-059.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2020-05-23 13:17:12 |
|
| 2015-05-28 21:26:34 |
|
| 2014-02-17 11:46:04 |
|
| 2014-01-19 21:30:15 |
|
| 2013-11-11 12:41:09 |
|
| 2013-05-11 00:49:22 |
|
