Security Advisory 06 – 045 – The VSAOD server allows unauthenticated remote uninstalls
Vulnerability discovery and development:
Portcullis Security Testing services discovered this vulnerability during an application assessment.
Further research was then carried out post assessment.
Credit for Discovery:
Tim Brown – Portcullis Computer Security Ltd.
All known versions of Audit, this vulnerability was discovered for version 18.104.22.168.
It is possible to remotely uninstall the remote VSAOD server using the following unauthenticated exchange:
server> Visionsoft Audit on Demand Service server> Version: 22.214.171.124 server> client> UNINSTALL client> Stopping
The VSAOD server will then disconnect and terminate.
An attacker could cause a Denial of Service.
Exploit code is not required.
e-mailed – 16th January 2007
e-mailed – 26th February 2007
e-mailed – 15th March 2007