Windows NT Remote Access Service Phonebook Vulnerability Patch Prevent malicious users from exploiting a buffer overrun vulnerability in the Windows NT RAS Phonebook.
Download

Windows NT Remote Access Service Phonebook Vulnerability Patch Ranking & Summary

Windows NT Remote Access Service Phonebook Vulnerability Patch Tags

RAS ras file RAS library RAS client RAS modification buffer overflow vulnerability View RAS ras software ras utility

Windows NT Remote Access Service Phonebook Vulnerability Patch Description

The Remote Access Service (RAS) provides dial-up connections between computers and networks over phone lines. RAS is delivered as a native system service in Windows NT 4.0, Windows 2000, and Windows XP, and also is included in a separately downloadable Routing and Remote Access Server (RRAS) for Windows NT 4.0. All of these implementations include a RAS phonebook, which is used to store information about telephone numbers, security, and network settings used to dial-up remote systems. A flaw exists in the RAS phonebook implementation: a phonebook value is not properly checked, and is susceptible to a buffer overrun. The overrun could be exploited for either of two purposes: causing a system failure, or running code on the system with LocalSystem privileges. If an attacker were able to log onto an affected server and modify a phonebook entry using specially malformed data, then made a connection using the modified phonebook entry, the specially malformed data could be run as code by the system.

Windows NT Remote Access Service Phonebook Vulnerability Patch Related Software