Security Home > Windows NT, 2000 & XP

Unchecked Buffer in Remote Access Service Phonebook New

A security flaw exists in the RAS phonebook implementation where a phonebook value is not properly checked and is susceptible to a buffer overrun. The overrun could be exploited for either of two purposes; causing a system failure or running code on the system with LocalSystem privileges.

Issue

The Remote Access Service (RAS) provides dial-up connections between computers and networks over phone lines. RAS is delivered as a native system service in Windows NT 4.0, Windows 2000 and Windows XP, and also is included in a separately downloadable Routing and Remote Access Server (RRAS) for Windows NT 4.0. All of these implementations include a RAS phonebook, which is used to store information about telephone numbers, security, and network settings used to dial-up remote systems.

If an attacker were able to log onto an affected server and modify a phonebook entry using specially malformed data, then made a connection using the modified phonebook entry, the specially malformed data could be run as code by the system.

Affected Products

  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0 Terminal Server Edition
  • Microsoft Windows 2000
  • Microsoft Windows XP
  • Microsoft Routing and Remote Access Server

Download

Software patches are available from the following locations:

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: June 12, 2002

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<