CVE-2008-3466 - OpenCVE

Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Host Integration Server 2006 Host Integration Server 2004 Host Integration Server 2000

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:host_integration_server_2000:::::client:::*
	cpe:2.3:a:microsoft:host_integration_server_2000::sp2:::server:::
	cpe:2.3:a:microsoft:host_integration_server_2004:::::client:::*
	cpe:2.3:a:microsoft:host_integration_server_2004:::::server:::*
	cpe:2.3:a:microsoft:host_integration_server_2004::sp1:::server:::
	cpe:2.3:a:microsoft:host_integration_server_2006:::::::x64:*
	cpe:2.3:a:microsoft:host_integration_server_2006:::::::x86:*

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745
http://marc.info/?l=bugtraq&m=122479227205998&w=2
http://secunia.com/advisories/32233	Patch Vendor Advisory
http://www.securityfocus.com/bid/31620	Exploit Patch
http://www.securitytracker.com/id?1021043
http://www.us-cert.gov/cas/techalerts/TA08-288A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/2810
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-059
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6075

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2008-10-15T00:00:00

Updated: 2018-10-12T19:57:01

Reserved: 2008-08-04T00:00:00

Link: CVE-2008-3466

JSON object: View

NVD Information

Status : Modified

Published: 2008-10-15T00:12:15.740

Modified: 2018-10-12T21:48:03.247

Link: CVE-2008-3466

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-10-14T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka \"HIS Command Execution Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "ADV-2008-2810", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2810"}, {"name": "20081014 Microsoft Host Integration Server 2006 Command Execution Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745"}, {"name": "31620", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31620"}, {"name": "SSRT080143", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"}, {"name": "32233", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32233"}, {"name": "HPSBST02379", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"}, {"name": "MS08-059", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-059"}, {"name": "TA08-288A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"}, {"name": "1021043", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021043"}, {"name": "oval:org.mitre.oval:def:6075", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6075"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2008-3466", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka \"HIS Command Execution Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2008-2810", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2810"}, {"name": "20081014 Microsoft Host Integration Server 2006 Command Execution Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745"}, {"name": "31620", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31620"}, {"name": "SSRT080143", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"}, {"name": "32233", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32233"}, {"name": "HPSBST02379", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"}, {"name": "MS08-059", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-059"}, {"name": "TA08-288A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"}, {"name": "1021043", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021043"}, {"name": "oval:org.mitre.oval:def:6075", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6075"}]}}}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2008-3466", "datePublished": "2008-10-15T00:00:00", "dateReserved": "2008-08-04T00:00:00", "dateUpdated": "2018-10-12T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:host_integration_server_2000:*:*:*:*:client:*:*:*", "matchCriteriaId": "8B33F8D8-DCA9-4AD7-A2EE-2E147C0B22BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:host_integration_server_2000:*:sp2:*:*:server:*:*:*", "matchCriteriaId": "3735842E-8460-47DF-80CE-07A1B5B7B2BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:host_integration_server_2004:*:*:*:*:client:*:*:*", "matchCriteriaId": "F36B2527-D82F-4473-988D-64C2222726AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:host_integration_server_2004:*:*:*:*:server:*:*:*", "matchCriteriaId": "0BE2E52C-FEC4-46E4-9466-DFA925798DA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:host_integration_server_2004:*:sp1:*:*:server:*:*:*", "matchCriteriaId": "D9518CB8-38F4-4E11-A652-D2784CBE0F5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:host_integration_server_2006:*:*:*:*:*:*:x64:*", "matchCriteriaId": "7F919C01-85B1-4E0D-BCEF-EDF411814436", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:host_integration_server_2006:*:*:*:*:*:*:x86:*", "matchCriteriaId": "9EE996C0-B973-4584-AA99-2A7832C5F85E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka \"HIS Command Execution Vulnerability.\""}, {"lang": "es", "value": "Microsoft Host Integration Server (HIS) 2000, 2004 y 2006 no limita el acceso RPC a funciones administrativas, lo que permite a atacantes remotos evitar la autentificaci\u00f3n y ejecutar c\u00f3digo de su elecci\u00f3n mediante un mensaje SNA RPC, tambi\u00e9n conocido como \"HIS Command Execution Vulnerability (Vulnerabilidad de Ejecuci\u00f3n de Comandos HIS)\"."}], "id": "CVE-2008-3466", "lastModified": "2018-10-12T21:48:03.247", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-10-15T00:12:15.740", "references": [{"source": "secure@microsoft.com", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745"}, {"source": "secure@microsoft.com", "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/32233"}, {"source": "secure@microsoft.com", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/31620"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1021043"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"}, {"source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2008/2810"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-059"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6075"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}