Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3466

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-3466
Last Modified 14 Jul 2015 01:48:09
Published 14 Oct 2008 08:12:15
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3466

Summary

Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."

Vulnerable Systems

Application

  • Microsft Host Integration Server 2000

  • Microsft Host Integration Server 2004

  • Microsft Host Integration Server 2006

  • Microsft Host Integration Server 2006unknown

  • Microsoft Host Integration Server 2000

  • Microsoft Host Integration Server 2004

  • Microsoft Host Integration Server 2006


References

CERT - TA08-288A

BID - 31620

MS - MS08-059

SECUNIA - 32233

VUPEN - ADV-2008-2810

SECTRACK - 1021043

HP - SSRT080143

IDEFENSE - 20081014 Microsoft Host Integration Server 2006 Command Execution Vulnerability

HP - HPSBST02379


Last Updated: 27 May 2016 11:09:13