
Policy:Win/MSRPC.HIS.RCE!CVE-2008-3466

Severity rating: Critical
Class/Type: Policy
Discovered date: 2008-10-14T00:00:00
Attack vector: Remote
Authentication required: No
Public exploits available: Yes
Signature detection: Medium







Description

A remote code execution vulnerability exists in the SNA Remote Procedure Call (RPC) service for Host Integration Server.



Impact

An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.



Technical details (analysis)

Remote Procedure Call (RPC) is a protocol that a program can use to request a service from a program located on another computer in a network. RPC helps with interoperability because the program using RPC does not have to understand the network protocols that are supporting communication.

Specially crafted RPC requests allow remote unauthenticated users to bypass authentication within the SNA RPC service. An attacker could try to exploit the vulnerability by creating a specially crafted RPC message and sending it to an affected system over the RPC TCP/UDP port, which is dynamically assigned by Host Integration Server.



Affected software

Microsoft Host Integration Server 2000 Service Pack 2 (Server)
Microsoft Host Integration Server 2000 Administrator Client
Microsoft Host Integration Server 2004 (Server)
Microsoft Host Integration Server 2004 Service Pack 1 (Server)
Microsoft Host Integration Server 2004 (Client)
Microsoft Host Integration Server 2004 Service Pack 1 (Client)
Microsoft Host Integration Server 2006 for 32-bit systems
Microsoft Host Integration Server 2006 for x64-based systems



Non-affected software

All applications not on the affected list.











NIS signature

Name: Policy:Win/MSRPC.HIS.RCE!CVE-2008-3466
Release Date: 2008-10-14T00:00:00



Known false positives

The signature blocks certain methods exposed by the interface that are considered dangerous if used by an unauthenticated user. This signature can be ignored if such usage is permitted in your policy.



Work-arounds

For Host Integration Server 2004 and Host Integration Server 2006, do not configure the HIS/SNA service to run with an Administrator account.
For Host Integration Server 2000, Host Integration Server 2004, and Host Integration Server 2006, disable the SNA RPC Service.