=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2008/VULN435
_____________________________________________________________________

DATE                      : 15/10/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Microsoft Host Integration
                                               Server.

======================================================================
KB956695
http://www.microsoft.com/technet/security/bulletin/ms08-059.mspx
______________________________________________________________________

Microsoft Security Bulletin MS08-059 - Critical

Vulnerability in Host Integration Server RPC Service Could Allow Remote
Code Execution (956695)

   Published: October 14, 2008

   Version: 1.0

General Information

Executive Summary

   This security update resolves a privately reported vulnerability in
   Microsoft Host Integration Server. The vulnerability could allow
   remote code execution if an attacker sent a specially crafted Remote
   Procedure Call (RPC) request to an affected system. Customers who
   follow best practices and configure the SNA RPC service account to
   have fewer user rights on the system could be less impacted than
   customers who configure the SNA RPC service account to have
   administrative user rights.

   This security update is rated Critical for all supported editions of
   Microsoft Host Integration Server 2000, Microsoft Host Integration
   Server 2004, and Microsoft Host Integration Server 2006. For more
   information, see the subsection, Affected and Non-Affected Software,
   in this section.

   The security update addresses the vulnerability by validating RPC
   requests.

   Recommendation. Microsoft recommends that customers apply the update
   immediately.

Affected Software

   Microsoft Host Integration Server 2000 Service Pack 2 (Server)

   Microsoft Host Integration Server 2000 Administrator Client

   Microsoft Host Integration Server 2004 (Server)

   Microsoft Host Integration Server 2004 Service Pack 1 (Server)

   Microsoft Host Integration Server 2004 (Client)

   Microsoft Host Integration Server 2004 Service Pack 1 (Client)

   Microsoft Host Integration Server 2006 for 32-bit systems

   Microsoft Host Integration Server 2006 for x64-based systems

Vulnerability Information

HIS Command Execution Vulnerability - CVE-2008-3466

   A remote code execution vulnerability exists in the SNA Remote
   Procedure Call (RPC) service for Host Integration Server. An attacker
   could exploit the vulnerability by constructing a specially crafted
   RPC request. The vulnerability could allow remote code execution. An
   attacker who successfully exploited this vulnerability could take
   complete control of an affected system.

Workarounds for HIS Command Execution Vulnerability - CVE-2008-3466

   For Host Integration Server 2004 and Host Integration Server 2006, do
   not configure the HIS/SNA service to run with an Administrator
   Account.

   For Host Integration Server 2000, Host Integration Server 2004 and
   Host Integration Server 2006, disable the SNA RPC Service.

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================