漏洞信息详情
Microsoft Host Integration Server RPC远程命令执行漏洞
- CNNVD编号:CNNVD-200810-247
- 危害等级: 超危
- CVE编号: CVE-2008-3466
- 漏洞类型: 授权问题
- 发布时间: 2008-10-15
- 威胁类型: 远程
- 更新时间: 2009-03-04
- 厂 商: microsoft
- 漏洞来源: Stephen Fewer
漏洞简介
Host Integration Server通过提供应用、数据和网络集成特性,将Microsoft Windows扩展至其它系统。
Host Integration Server的RPC接口所暴露的一些方式允许未经认证的攻击者在服务器上执行任意程序。RPC opcodes 1和6都允许攻击者调用CreateProcess()函数并向其传送命令行,这可能导致完全入侵服务器。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Microsoft Host Integration Server 2000 Administrator Client 0
Microsoft Security Update for Microsoft Host Integration Server 2000 Admin Client
http://www.microsoft.com/downloads/details.aspx?familyid=41B49291-1231 -4E23-AEF7-818207453D56&displaylang=en
Microsoft Host Integration Server 2004 SP1
Microsoft Security Update for Microsoft Host Integration Server 2004 SP1 Client
http://www.microsoft.com/downloads/details.aspx?familyid=D776515C-09AA -4A04-876D-606BFC26A006&displaylang=en
Microsoft Security Update for Microsoft Host Integration Server 2004 SP1 Server
http://www.microsoft.com/downloads/details.aspx?familyid=ECA756A1-CA56 -4481-B23C-53C159A4E08C&displaylang=en
Microsoft Host Integration Server 2000 SP2
Microsoft Security Update for Microsoft Host Integration Server 2000 Server
http://www.microsoft.com/downloads/details.aspx?familyid=11CCA58B-59A4 -4E93-9EB1-19B07C290A10
Microsoft Host Integration Server 2006 0
Microsoft Security Update for Microsoft Host Integration Server 2006 for x64
http://www.microsoft.com/downloads/details.aspx?familyid=05DA4540-4976 -458A-A612-7385D78695A2&displaylang=en
Microsoft Security Update for Microsoft Host Integration Server 2006 for x86
http://www.microsoft.com/downloads/details.aspx?familyid=1AE79DA3-EC17 -4D4B-8011-D777A237AC93&displaylang=en
Microsoft Host Integration Server 2004 0
Microsoft Security Update for Microsoft Host Integration Server 2004 Client - English
http://www.microsoft.com/downloads/details.aspx?familyid=92CB54E7-F4FF -40A4-99CB-6257C4D8D4CD&displaylang=en
Microsoft Security Update for Microsoft Host Integration Server 2004 Server
http://www.microsoft.com/downloads/details.aspx?familyid=9CA255ED-9334 -4848-AF94-49EF3078CDC0&displaylang=en
参考网址
来源: US-CERT
名称: TA08-288A
链接:http://www.us-cert.gov/cas/techalerts/TA08-288A.HTML
来源: BID
名称: 31620
链接:http://www.securityfocus.com/bid/31620
来源: MS
名称: MS08-059
链接:http://www.microsoft.com/technet/security/Bulletin/MS08-059.mspx
来源: SECUNIA
名称: 32233
链接:http://secunia.com/advisories/32233
来源: SECTRACK
名称: 1021043
链接:http://www.securitytracker.com/id?1021043
来源: VUPEN
名称: ADV-2008-2810
链接:http://www.frsirt.com/english/advisories/2008/2810
来源: OVAL
名称: oval:org.mitre.oval:def:6075
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6075
来源: HP
名称: HPSBST02379
链接:http://marc.info/?l=bugtraq&m=122479227205998&w=2
来源: HP
名称: HPSBST02379
链接:http://marc.info/?l=bugtraq&m=122479227205998&w=2
来源: IDEFENSE
名称: 20081014 Microsoft Host Integration Server 2006 Command Execution Vulnerability
链接:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745
受影响实体
- Microsoft Host_integration_server_2000:Sp2:~~Server~~~
- Microsoft Host_integration_server_2000:~~Client~~~
- Microsoft Host_integration_server_2006:~~~~X64~
- Microsoft Host_integration_server_2004:~~Client~~~
- Microsoft Host_integration_server_2006:~~~~X86~
补丁
暂无
评论