Vulnerabilities > CVE-2002-0366 - Remote Access Service Buffer Overflow vulnerability in Microsoft Windows 2000, Windows NT and Windows XP
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 38 |
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS02-029.NASL |
| description | An overflow in the RAS phonebook service allows a local user to execute code on the system with the privileges of LocalSystem. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11029 |
| published | 2002-06-13 |
| reporter | This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/11029 |
| title | MS02-029: Windows RAS Local Overflow (318138) |
Oval
accepted 2018-09-11T10:00:00.000-05:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Jonathan Baker organization The MITRE Corporation
definition_extensions comment Microsoft Windows NT is installed oval oval:org.mitre.oval:def:36 description Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry. family windows id oval:org.mitre.oval:def:61 status accepted submitted 2003-04-04T12:00:00.000-04:00 title Windows NT Remote Access Service Phonebook Buffer Overflow version 70 accepted 2011-05-16T04:03:18.751-04:00 class vulnerability contributors name Tiffany Bergeron organization The MITRE Corporation name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry. family windows id oval:org.mitre.oval:def:63 status accepted submitted 2003-04-04T12:00:00.000-04:00 title Windows 2000 Remote Access Service Phonebook Buffer Overflow version 69
References
- http://online.securityfocus.com/archive/1/276776
- http://online.securityfocus.com/archive/1/278145
- http://www.nextgenss.com/vna/ms-ras.txt
- http://www.securityfocus.com/bid/4852
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-029
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A61
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A63