Public exploits available
A remote code execution vulnerability exists in the SNA Remote Procedure Call (RPC) service for Host Integration Server.
An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Technical details (analysis)
Remote Procedure Call (RPC) is a protocol that a program can use to request a service from a program located on another computer in a network. RPC helps with interoperability because the program using RPC does not have to understand the network protocols that are supporting communication. Specially crafted RPC requests allow remote unauthenticated users to bypass authentication within the SNA RPC service. An attacker could try to exploit the vulnerability by creating a specially crafted RPC message and sending the message to an affected system over the RPC TCP/UDP port which is dynamically assigned by Host Integration Server.
Affected products
Microsoft Host Integration Server 2000 Service Pack 2 (Server)
Microsoft Host Integration Server 2000 Administrator Client
Microsoft Host Integration Server 2004 (Server)
Microsoft Host Integration Server 2004 Service Pack 1 (Server)
Microsoft Host Integration Server 2004 (Client)
Microsoft Host Integration Server 2004 Service Pack 1 (Client)
Microsoft Host Integration Server 2006 for 32-bit systems
Microsoft Host Integration Server 2006 for x64-based systems
Non-affected products
All applications not on the affected list.
Release Date: 2008-10-14T00:00:00
Known false positives
The signature blocks certain methods exposed by the interface that are considered dangerous if used by an unauthenticated user. This signature can be ignored if such usage is permitted in your policy.
For Host Integration Server 2004 and Host Integration Server 2006, do not configure the HIS/SNA service to run with an Administrator account.
For Host Integration Server 2000, Host Integration Server 2004 and Host Integration Server 2006, disable the SNA RPC Service.
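One way to check the two recommendations above on a host, as an added example that is not part of the advisory: it lists the HIS services, the account each runs as, and whether the SNA RPC service is disabled. The display-name pattern used to find the services is an assumption, since the advisory does not give service names.

```powershell
# Added example, not from the advisory. Run in Windows PowerShell on the HIS host.
# Assumption: HIS services can be recognised by "SNA" or "Host Integration" in
# their display name; the match is broad, so review the rows it returns.
$Pattern = 'SNA|Host Integration'

# Resolve the built-in Administrators group by its well-known SID so the
# lookup also works on localized systems, then list its direct members.
$sid       = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$groupName = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]
$group     = [ADSI]"WinNT://$env:COMPUTERNAME/$groupName,group"
$admins    = @($group.psbase.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
})

Get-WmiObject -Class Win32_Service |
    Where-Object { $_.DisplayName -match $Pattern } |
    ForEach-Object {
        # Compare on the account name only ("DOMAIN\svc" -> "svc"). Nested
        # domain groups are not expanded, so a clean result is not proof.
        $account  = ($_.StartName -split '\\')[-1]
        $findings = @()
        if ($admins -contains $account) {
            $findings += 'runs as a member of Administrators'
        }
        if ($_.DisplayName -match 'RPC' -and $_.StartMode -ne 'Disabled') {
            $findings += 'SNA RPC service is not disabled'
        }
        New-Object PSObject -Property @{
            Name      = $_.Name
            StartMode = $_.StartMode
            State     = $_.State
            StartName = $_.StartName
            Findings  = ($findings -join '; ')
        }
    } |
    Select-Object Name, StartMode, State, StartName, Findings |
    Format-Table -AutoSize
```

An empty Findings column means neither condition was detected for that service; accounts given in UPN form (user@domain) are not matched by the name comparison and need a manual check.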