Security Advisory 06 – 041 – The VSAOD server allows unauthenticated ini file overwrites
Vulnerability discovery and development:
Portcullis Security Testing Services discovered this vulnerability during an application assessment.
Further research was then carried out post assessment.
Credit for Discovery:
Tim Brown – Portcullis Computer Security Ltd.
All known versions of Audit are affected; this vulnerability was discovered in version 188.8.131.52.
It is possible to overwrite the ini file on the remote VSAOD server using the following unauthenticated exchange:
client> SETTINGSFILE
client> [whatever you like]
client> END
This can be used by an attacker to prevent the remote VSAOD server from starting in future or to otherwise change its configuration.
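For monitoring, the exchange above can be recognised in recorded client-to-server traffic. The following detection sketch is an added example, not part of the original advisory or of the vendor's software. It assumes the client side of one session has already been reassembled into text lines and that the commands appear on their own lines exactly as shown above; the names SettingsWrite, find_settings_writes and SAMPLE_SESSION are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class SettingsWrite:
    start_line: int                      # 1-based line number of the SETTINGSFILE command
    body: list = field(default_factory=list)
    terminated: bool = False             # True once the closing END line was seen


def find_settings_writes(client_lines):
    """Return every SETTINGSFILE ... END block in one session's client-to-server lines."""
    findings, current = [], None
    for number, raw in enumerate(client_lines, start=1):
        line = raw.rstrip("\r\n")
        token = line.strip()             # assumption: commands match exactly as in the advisory
        if current is None:
            if token == "SETTINGSFILE":
                current = SettingsWrite(start_line=number)
                findings.append(current)
        elif token == "END":
            current.terminated = True
            current = None
        else:
            current.body.append(line)    # content the server would write to its ini file
    return findings


# Constructed sample session (not a real capture): one complete block and
# one block cut off before END, e.g. by a dropped connection.
SAMPLE_SESSION = [
    "SETTINGSFILE\r\n",
    "[constructed]\r\n",
    "key=value\r\n",
    "END\r\n",
    "SETTINGSFILE\r\n",
    "truncated=1\r\n",
]

if __name__ == "__main__":
    for write in find_settings_writes(SAMPLE_SESSION):
        state = "complete" if write.terminated else "unterminated"
        print(f"line {write.start_line}: {state} settings write, "
              f"{len(write.body)} body line(s)")
```

Because the server accepts this exchange without authentication, every reported block is worth comparing against the administrators' own change records.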
Exploit code is not required.
e-mailed – 16th January 2007
e-mailed – 26th February 2007
e-mailed – 15th March 2007