Check or Attack Name: NT RAS Overflow

The portion of the RAS (Remote Access Service) client for Windows NT 4.0 that processes phone book entries contains a buffer overflow condition, which could allow a local user to cause a denial of service or possibly execute arbitrary code with system privileges.

Apply the Windows NT 4.0 post-SP5 RAS-fix update.

Windows NT 4.0 Service Pack 5 (SP5) users, apply the RAS-fix update:

1. Open a web browser.
2. Go to ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP5/RAS-fix/.
3. View the readme.txt for versions and install instructions.
4. Download the appropriate patch for your operating environment.
5. Find the patch file you downloaded to your computer.
6. Double-click its icon to start the installation.
7. Follow the installation directions.

BUGTRAQ Mailing List, Buffer Overruns in RAS allows execution of arbitary code as system, http://www.netspace.org/cgi-bin/wa?A2=ind9905C&L=bugtraq&P=R2187

Microsoft Security Bulletin MS99-016, Patch Available for "Malformed Phonebook Entry" Vulnerability, http://www.microsoft.com/security/bulletins/ms99-016.asp

Microsoft Knowledge Base Article Q230677, Malformed Phonebook Entry Security Vulnerability in RAS Client, http://support.microsoft.com/support/kb/articles/q230/6/77.asp