Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs SecuriTeam™ in Your Inbox   E-mail this CVE-2008-3466 to a friend New vulnerability? New tool? Tell us	CVE-2008-3466 Vulnerability in Host Integration Server RPC Service Allows Code Execution (MS08-059)     Credit: The information has been provided by iDefense. The original article can be found at: http://www.microsoft.com/technet/security/Bulletin/MS08-059.mspx Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    CVE-2008-3466 Details Check for CVE-2008-3466 Vulnerability Assessment and Management. Automated Pen Testing for 50 to 50,000 nodes beyondsecurity.com/vulnerability-scanner Affected Software:  * Microsoft Host Integration Server 2000 Service Pack 2 (Server) - Remote Code Execution - Critical - None  * Microsoft Host Integration Server 2000 Administrator Client - Remote Code Execution - Critical - None  * Microsoft Host Integration Server 2004 (Server) - Remote Code Execution - Critical - None  * Microsoft Host Integration Server 2004 Service Pack 1 (Server) - Remote Code Execution - Critical - None  * Microsoft Host Integration Server 2004 (Client) - Remote Code Execution - Critical - None  * Microsoft Host Integration Server 2004 Service Pack 1 (Client) - Remote Code Execution - Critical - None  * Microsoft Host Integration Server 2006 for 32-bit systems - Remote Code Execution - Critical - None  * Microsoft Host Integration Server 2006 for x64-based systems - Remote Code Execution - Critical - None HIS Command Execution Vulnerability - CVE- 2008-3466 A remote code execution vulnerability exists in the SNA Remote Procedure Call (RPC) service for Host Integration Server. An attacker could exploit the vulnerability by constructing a specially crafted RPC request. The vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. CVE Information: CVE-2008-3466 Mitigating Factors for HIS Command Execution Vulnerability - CVE- 2008-3466 Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:  * An attacker who successfully exploited this vulnerability could gain the same user rights as the SNA service account as specified during the install of Host Integration Server. Customers who follow best practices and configure the SNA RPC service account to have fewer user rights on the system could be less impacted than customers who configure the SNA service account to have administrative user rights.  * For systems with Microsoft Host Integration Server 2000 Administrator Client or the Microsoft Host Integration Server 2004 Client, the default installation does not create or start the SNA Remote Procedure Call (RPC) service where the vulnerability exists. However; the files are installed by default and can be started therefore we highly recommend that customers apply the update if they have a vulnerable version of the product.  Comments on CVE-2008-3466:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Copyright © 1998-2010 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®