Vulnerability Bulletins |
Ejecución remota de código en Microsoft Host Integration Server (HIS) |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software | Microsoft Host Integration Server (HIS) 2000, 2004 y 2006 |
Description |
|
|
Se ha descubierto una vulnerabilidad en Microsoft Host Integration Server (HIS) 2000, 2004 y 2006. Un atacante remoto podría saltar la autenticación y ejecutar código arbitrario mediante un mensaje SNA RPC especialmente diseñado. |
|
Solution |
|
|
Actualización de software Microsoft (MS08-059) Microsoft Host Integration Server 2000 Service Pack 2 (Servidor) / patch HIS2000-KB956695-SRV-SP2-ENU Microsoft Host Integration Server 2000 Administrator Cliente / patch HIS2000-KB956695-ADM-SP2-ENU Microsoft Host Integration Server 2004 (Servidor) / patch HIS2004-KB956695-SRV-ENU Microsoft Host Integration Server 2004 Service Pack 1 (Servidor) / patch HIS2004-KB956695-SRV-SP1-ENU Microsoft Host Integration Server 2004 (Cliente) / patch HIS2004-KB956695-CLI-ENU Microsoft Host Integration Server 2004 Service Pack 1 (Client) / patch HIS2004-KB956695-CLI-SP1-ENU Microsoft Host Integration Server 2006 for 32-bit systems / patch HIS2006-KB956695-x86-ENU Microsoft Host Integration Server 2006 for x64-based systems / patch HIS2006-KB956695-x64-ENU http://www.microsoft.com/downloads |
|
Standar resources |
|
| Property | Value |
| CVE | CVE- 2008-3466 |
| BID | |
Other resources |
|
|
Microsoft Security Bulletin (MS08-059) http://www.microsoft.com/technet/security/Bulletin/MS08-059.mspx |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2008-10-16 |