Security Advisory 06 – 043 – The VSAOD server allows remote execution via replay attacks
Vulnerability discovery and development:
Portcullis Security Testing Services discovered this vulnerability during an application assessment.
Further research was then carried out post assessment.
Credit for Discovery:
Tim Brown – Portcullis Computer Security Ltd.
All known versions of Audit, the vulnerability was discovered for version 126.96.36.199.
When logging is enabled on the remote VSAOD server, the log path is disclosed:
client> LOG.ON server> OK, logging to C:\Documents and Settings\All Users\Application Data\Visionsoft\VAP\vsAoD\vsAoD.log
An attacker could make use of the log path disclosure by identifying the OS type of the system which they are attacking.
Exploit code is not required.
e-mailed – 16th January 2007
e-mailed – 26th February 2007
e-mailed – 15th March 2007