[NT] Vulnerability in Host Integration Server RPC Service Allows Code Execution (MS08-059)



The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -



Vulnerability in Host Integration Server RPC Service Allows Code Execution
(MS08-059)
------------------------------------------------------------------------


SUMMARY

This security update resolves a privately reported vulnerability in
Microsoft Host Integration Server. The vulnerability could allow remote
code execution if an attacker sent a specially crafted Remote Procedure
Call (RPC) request to an affected system. Customers who follow best
practices and configure the SNA RPC service account to have fewer user
rights on the system could be less impacted than customers who configure
the SNA RPC service account to have administrative user rights.

This security update is rated Critical for all supported editions of
Microsoft Host Integration Server 2000, Microsoft Host Integration Server
2004, and Microsoft Host Integration Server 2006. For more information,
see the subsection, Affected and Non-Affected Software, in this section.

DETAILS

Affected Software:
*
<http://www.microsoft.com/downloads/details.aspx?familyid=11CCA58B-59A4-4E93-9EB1-19B07C290A10> Microsoft Host Integration Server 2000 Service Pack 2 (Server) - Remote Code Execution - Critical - None
*
<http://www.microsoft.com/downloads/details.aspx?familyid=41B49291-1231-4E23-AEF7-818207453D56> Microsoft Host Integration Server 2000 Administrator Client - Remote Code Execution - Critical - None
*
<http://www.microsoft.com/downloads/details.aspx?familyid=9CA255ED-9334-4848-AF94-49EF3078CDC0> Microsoft Host Integration Server 2004 (Server) - Remote Code Execution - Critical - None
*
<http://www.microsoft.com/downloads/details.aspx?familyid=ECA756A1-CA56-4481-B23C-53C159A4E08C> Microsoft Host Integration Server 2004 Service Pack 1 (Server) - Remote Code Execution - Critical - None
*
<http://www.microsoft.com/downloads/details.aspx?familyid=92CB54E7-F4FF-40A4-99CB-6257C4D8D4CD> Microsoft Host Integration Server 2004 (Client) - Remote Code Execution - Critical - None
*
<http://www.microsoft.com/downloads/details.aspx?familyid=D776515C-09AA-4A04-876D-606BFC26A006> Microsoft Host Integration Server 2004 Service Pack 1 (Client) - Remote Code Execution - Critical - None
*
<http://www.microsoft.com/downloads/details.aspx?familyid=1AE79DA3-EC17-4D4B-8011-D777A237AC93> Microsoft Host Integration Server 2006 for 32-bit systems - Remote Code Execution - Critical - None
*
<http://www.microsoft.com/downloads/details.aspx?familyid=05DA4540-4976-458A-A612-7385D78695A2> Microsoft Host Integration Server 2006 for x64-based systems - Remote Code Execution - Critical - None

HIS Command Execution Vulnerability - CVE- 2008-3466
A remote code execution vulnerability exists in the SNA Remote Procedure
Call (RPC) service for Host Integration Server. An attacker could exploit
the vulnerability by constructing a specially crafted RPC request. The
vulnerability could allow remote code execution. An attacker who
successfully exploited this vulnerability could take complete control of
an affected system.

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3466>
CVE-2008-3466

Mitigating Factors for HIS Command Execution Vulnerability - CVE-
2008-3466
Mitigation refers to a setting, common configuration, or general
best-practice, existing in a default state, that could reduce the severity
of exploitation of a vulnerability. The following mitigating factors may
be helpful in your situation:

* An attacker who successfully exploited this vulnerability could gain
the same user rights as the SNA service account as specified during the
install of Host Integration Server. Customers who follow best practices
and configure the SNA RPC service account to have fewer user rights on the
system could be less impacted than customers who configure the SNA service
account to have administrative user rights.

* For systems with Microsoft Host Integration Server 2000 Administrator
Client or the Microsoft Host Integration Server 2004 Client, the default
installation does not create or start the SNA Remote Procedure Call (RPC)
service where the vulnerability exists. However; the files are installed
by default and can be started therefore we highly recommend that customers
apply the update if they have a vulnerable version of the product.


ADDITIONAL INFORMATION

The information has been provided by iDefense.
The original article can be found at:
<http://www.microsoft.com/technet/security/Bulletin/MS08-059.mspx>
http://www.microsoft.com/technet/security/Bulletin/MS08-059.mspx



========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.



Relevant Pages

  • [Full-disclosure] iDefense Security Advisory 10.14.08: Microsoft Host Integration Server 2006 Co
    ... The Host Integration Server is an application suite that is used to ... Exploitation of this vulnerability results in the execution of arbitrary ... iDefense has confirmed the existence of this vulnerability in Host ... Microsoft has officially addressed this vulnerability with Security ...
    (Full-Disclosure)
  • iDefense Security Advisory 10.14.08: Microsoft Host Integration Server 2006 Command Execution Vulner
    ... The Host Integration Server is an application suite that is used to ... Exploitation of this vulnerability results in the execution of arbitrary ... iDefense has confirmed the existence of this vulnerability in Host ... Microsoft has officially addressed this vulnerability with Security ...
    (Bugtraq)
  • SecurityFocus Microsoft Newsletter #174
    ... This issue sponsored by: Tenable Network Security ... the worlds only 100% passive vulnerability ... MICROSOFT VULNERABILITY SUMMARY ... Novell Netware Enterprise Web Server Multiple Vulnerabilitie... ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #165
    ... Tenable Security ... distribute, manage, and communicate vulnerability and intrusion detection ... Microsoft Internet Explorer MHTML Forced File Execution Vuln... ...
    (Focus-Microsoft)
  • [NT] Cumulative Security Update for Internet Explorer (MS04-038)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... CSS Heap Memory Corruption Vulnerability, ... Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 ...
    (Securiteam)