Unchecked Buffer in Remote Access Service Phonebook New

A security flaw exists in the RAS phonebook implementation where a phonebook value is not properly checked and is susceptible to a buffer overrun. The overrun could be exploited for either of two purposes; causing a system failure or running code on the system with LocalSystem privileges.

Issue

The Remote Access Service (RAS) provides dial-up connections between computers and networks over phone lines. RAS is delivered as a native system service in Windows NT 4.0, Windows 2000 and Windows XP, and also is included in a separately downloadable Routing and Remote Access Server (RRAS) for Windows NT 4.0. All of these implementations include a RAS phonebook, which is used to store information about telephone numbers, security, and network settings used to dial-up remote systems.

If an attacker were able to log onto an affected server and modify a phonebook entry using specially malformed data, then made a connection using the modified phonebook entry, the specially malformed data could be run as code by the system.

Affected Products

• Microsoft Windows NT 4.0
• Microsoft Windows NT 4.0 Terminal Server Edition
• Microsoft Windows 2000
• Microsoft Windows XP
• Microsoft Routing and Remote Access Server

Download

Software patches are available from the following locations:

• Microsoft Windows NT 4.0
• Microsoft Windows NT 4.0 running RRAS (English Only)
• Microsoft Windows NT 4.0 Terminal Server Edition
• Microsoft Windows NT 4.0 Terminal Server Edition running RRAS (English Only)
• Microsoft Windows 2000
• Microsoft Windows XP
• Microsoft Windows XP 64-bit Edition

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: June 12, 2002

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<