Microsoft Host Integration Server RPC Service Remote Code Execution Vulnerability

Overview

» IDS/IPS Signatures

Security Sites

iPolicy Networks Security Advisory


Date Discovered:	10/14/2008
Severity:	High
Operating Systems Affected:	Microsoft Host Integration Server 2000 Microsoft Host Integration Server 2004 Microsoft Host Integration Server 2006

Synopsis

Microsoft Windows is prone to a remote code execution vulnerability due to specially crafted RPC requests allow remote unauthenticated users to bypass authentication within the SNA RPC service.

Recommended Actions

Update the patches as guided by vendor at :
http://www.microsoft.com/technet/security/bulletin/ms08-059.mspx

Threat Analysis

Remote Procedure Call (RPC) is a protocol that a program can use to request a service from a program located on another computer in a network.

A remote code execution vulnerability exists in the SNA Remote Procedure Call (RPC) service for Host Integration Server. An attacker could exploit the vulnerability by constructing a specially crafted RPC request.

An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs, view, change, delete data or create new accounts with full user rights.

References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3466

Write-up by: Aditya Chaturvedi

Security Sites

“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”

Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner

| | | | | | | | |