Windows NT Remote Access Service Phonebook Vulnerability PatchPrevent malicious users from exploiting a buffer overrun vulnerability in the Windows NT RAS Phonebook. | |
Download |
Windows NT Remote Access Service Phonebook Vulnerability Patch Ranking & Summary
Advertisement
- License:
- Free
- Publisher Name:
- Microsoft
- Publisher web site:
- http://www.microsoft.com/
- Operating Systems:
- Windows NT
- File Size:
- 592K
Windows NT Remote Access Service Phonebook Vulnerability Patch Tags
Windows NT Remote Access Service Phonebook Vulnerability Patch Description
The Remote Access Service (RAS) provides dial-up connections between computers and networks over phone lines. RAS is delivered as a native system service in Windows NT 4.0, Windows 2000, and Windows XP, and also is included in a separately downloadable Routing and Remote Access Server (RRAS) for Windows NT 4.0. All of these implementations include a RAS phonebook, which is used to store information about telephone numbers, security, and network settings used to dial-up remote systems. A flaw exists in the RAS phonebook implementation: a phonebook value is not properly checked, and is susceptible to a buffer overrun. The overrun could be exploited for either of two purposes: causing a system failure, or running code on the system with LocalSystem privileges. If an attacker were able to log onto an affected server and modify a phonebook entry using specially malformed data, then made a connection using the modified phonebook entry, the specially malformed data could be run as code by the system.
Windows NT Remote Access Service Phonebook Vulnerability Patch Related Software