| VID |
26061 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Hoftix(Q318138) for 'the Code Execution Vulnerability due to unchecked buffer in Remote Access Server Phonebook' has not been applied.
The RAS phonebook is used to keep information that describes sites that can be connected to using dial-up networking via RAS. A phonebook entry contains information about the dial-up phone number, security, and network settings. However, a buffer overflow vulnerability can occurs because of an unchecked buffer in the Remote Access Service Phonebook. By creating a malformed phonebook entry, a local attacker could cause a buffer overflow to occur when an attempt to logon to a remote computer is made using the malformed entry. The attacker could use this vulnerability to execute arbitrary code on the system with LocalSystem privileges or cause the RAS service to crash. Anyone who could log onto the system interactively, can exploit the vulnerability.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/technet/security/bulletin/MS02-029.asp
http://www.kb.cert.org/vuls/id/855811
* Platforms Affected:
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0 Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP |
| Recommendation |
Apply the appropriate patch for your system, as listed in Microsoft's security bulletin MS02-029 at
http://www.microsoft.com//technet/security/bulletin/MS02-029.asp
1. Open the following page :
for Microsoft Windows NT 4.0,
http://www.microsoft.com/ntserver/nts/downloads/security/q318138/default.asp
for Microsoft Windows NT 4.0 running RRAS (English Only),
http://www.microsoft.com/ntserver/nts/downloads/security/q318138/default.asp
for Microsoft Windows NT 4.0 Terminal Server Editio,:
http://www.microsoft.com/ntserver/terminalserver/downloads/security/q318138/default.asp
for Microsoft Windows NT 4.0 Terminal Server Edition running RRAS (English Only),
http://www.microsoft.com/ntserver/terminalserver/downloads/security/q318138/default.asp
for Microsoft Windows 2000,
http://www.microsoft.com/windows2000/downloads/security/q318138/default.asp
for Microsoft Windows XP,
http://www.microsoft.com/downloads/release.asp?ReleaseID=38833
for Microsoft Windows XP 64-bit Edition,
http://www.microsoft.com/downloads/release.asp?ReleaseID=39011
2. Select a different language from the drop-down list and click <Go> button.
3. Click <Download> button to download this patch file.
4. Run this file to install the patch.
5. Restart your system to complete the installation.
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com.
Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2002-0366 (CVE) |
| Related URL |
4852 (SecurityFocus) |
| Related URL |
9326 (ISS) |
|
