Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft Host Integration Server vulnerabilities could allow denial of service


Report ID: MS201110008
Date Published: 12 October 2011

Criticality: Important
Compromise Type: denial-of-service
Compromise From: remote


Affected Product/Component:

Microsoft Host Integration Server 2004
Microsoft Host Integration Server 2006
Microsoft Host Integration Server 2009
Microsoft Host Integration Server 2010




Summary

Two denial of service vulnerabilities in Microsoft Host Integration Server could result in the affected SNA Server service and all dependent services to stop responding.



Detailed Description

Microsoft has issued a security update to fix two unauthenticated denial of service vulnerabilities affecting Microsoft Host Integration Server. Upon successful exploit, an attacker could cause snabase.exe, snaserver.exe, snalink.exe or mngagent,exe to stop responding to new requests.

The vulnerabilities were caused by improper input validation when Host Integration Server handles specially crafted UDP and TCP network traffic. In the update, this issue has been fixed by introducing changes in the way that UDP and TCP packets are handled. Users are recommended to install the update to protect their system from potential exploit.



CVE Reference

CVE-2011-2007, CVE-2011-2008



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms11-082)



Online Virus Scanner

 
Run a quick online virus scan of your computer.