Re: Microsoft Security Bulletin MS02-029

From: Bruce Chambers (bchambers@nospam.cableone.net)
Date: 06/13/02 

From: "Bruce Chambers" <bchambers@nospam.cableone.net>
Date: Thu, 13 Jun 2002 08:30:41 -0600

Greetings --

    Thanks for the heads up. And for those who would like the Security
bulletins delivered directly to your door:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/notify.asp

HTH&GL,

Bruce Chambers
__
The truth of a proposition has nothing to do with its credibility. And vice
versa. -- RAH

"Jerry Bryant [MS]" <jbryant@online.microsoft.com> wrote in message
news:OxSGifmECHA.2432@tkmsftngp02...
> Title: Unchecked Buffer in Remote Access Service Phonebook Could
>
> Lead to Code Execution (Q318138)
>
> Date: 12 June 2002
>
> Software: Windows NT 4.0, NT 4.0 Terminal Server Edition, 2000, XP,
>
> Routing and Remote Access Server (RRAS)
>
> Impact: Local Privilege Escalation
>
> Max Risk: Critical
>
> Bulletin: MS02-029
>
> Microsoft encourages customers to review the Security Bulletin at:
> http://www.microsoft.com/technet/security/bulletin/MS02-029.asp.
>
> - ----------------------------------------------------------------------
>
> Issue:
>
> ======
>
> The Remote Access Service (RAS) provides dial-up connections between
>
> computers and networks over phone lines. RAS is delivered as a native
system
> service in Windows NT 4.0, Windows 2000 and Windows XP, and
>
> also is included in a separately downloadable Routing and Remote
>
> Access Server (RRAS) for Windows NT 4.0. All of these implementations
> include a RAS phonebook, which is used to store information about
>
> telephone numbers, security, and network settings used to dial-up
>
> remote systems.
>
> A flaw exists in the RAS phonebook implementation: a phonebook value
>
> is not properly checked, and is susceptible to a buffer overrun. The
>
> overrun could be exploited for either of two purposes: causing a
>
> system failure, or running code on the system with LocalSystem
>
> privileges. If an attacker were able to log onto an affected server and
> modify a phonebook entry using specially malformed data, then
>
> made a connection using the modified phonebook entry, the specially
>
> malformed data could be run as code by the system.
>
>
>
> Mitigating Factors:
>
> ====================
>
> - The vulnerability could only be exploited by an attacker who had
>
> the appropriate credentials to log onto an affected system.
>
> - Best practices suggests that unprivileged users not be allowed to
>
> interactively log onto business-critical servers. If this
>
> recommendation has been followed machines such as domain
>
> controllers, ERP servers, print and file servers, database
>
> servers, and others would not be at risk from this vulnerability.
>
>
> Risk Rating:
>
> ============
>
> - Internet systems: Low
>
> - Intranet systems: Critical
>
> - Client systems: Moderate
>
> Patch Availability:
>
> ===================
>
> - A patch is available to fix this vulnerability. Please read the
>
> Security Bulletin at
>
> http://www.microsoft.com/technet/security/bulletin/ms02-029.asp
>
> for information on obtaining this patch.
>
> Acknowledgment:
>
> ===============
>
> - David Litchfield of Next Generation Security Software Ltd.
>
> (http://www.nextgenss.com/)
>
> - ---------------------------------------------------------------------
>
> THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS
IS"
> WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER
> EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND
FITNESS
> FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS
> SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
> INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES,
EVEN
> IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
> POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR
> LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE
> FOREGOING LIMITATION MAY NOT APPLY.
>
>
> --
> Regards,
>
> Jerry Bryant - MCSE, MCDBA
> Microsoft IT Communities
>
> Get Secure! www.microsoft.com/security
>
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>

Relevant Pages

  • Re: Microsoft Security Bulletin MS02-029
    ... Unchecked Buffer in Remote Access Service Phonebook Could ... > Microsoft encourages customers to review the Security Bulletin at: ... > interactively log onto business-critical servers. ... > THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS ...
    (microsoft.public.win2000.security)
  • Microsoft Security Bulletin MS02-029
    ... Unchecked Buffer in Remote Access Service Phonebook Could ... interactively log onto business-critical servers. ... THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" ...
    (microsoft.public.windowsxp.security_admin)
  • Microsoft Security Bulletin MS02-029
    ... Unchecked Buffer in Remote Access Service Phonebook Could ... interactively log onto business-critical servers. ... THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" ...
    (microsoft.public.win2000.security)
  • RE: New DC 2003 R2 with SBS2003 replication problem. Need Help !
    ... SBS domain and you get some KCC errors on SBS. ... Step-by-Step Guide to Adding and Managing Additional Servers in a Windows ... Microsoft CSS Online Newsgroup Support ... newsgroups so that they can be resolved in an efficient and timely manner. ...
    (microsoft.public.windows.server.sbs)
  • Re: Multiple copies of the Language Bar
    ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... Hi, thanks for the response. ... Both the Windows 2003 Standard servers and the SBS2003 are all at ...
    (microsoft.public.windows.server.sbs)