[NT] VSAOD Server Unauthenticated Arbitrary File Overwrites

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -



VSAOD Server Unauthenticated Arbitrary File Overwrites
------------------------------------------------------------------------


SUMMARY

A vulnerability in the VSAOD Server allows unauthenticated remote
attackers to overwrite arbitrary files with the privileges of the SYSTEM
user.

DETAILS

Vulnerable Systems:
* Visionsoft Audit version 12.4.0.0

It is possible to set the log file name on the remote VSAOD server using
the following unauthenticated exchange:

client> LOG.<filename>
server> Logfile set to: <filename>

Impact:
Since the VSAOD server typically runs as SYSTEM it is possible to
overwrite any file on the system. This can be used by an attacker to
write additional ASP into web pages, commands to a batch file or to
corrupt files on the system.

Vendor status:
e-mailed - 16th January 2007
e-mailed - 26th February 2007
e-mailed - 15th March 2007


ADDITIONAL INFORMATION

The information has been provided by
<mailto:advisories@xxxxxxxxxxxxxxxxxxxxxxx> Tim Brown - Portcullis
Computer Security Ltd..



========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages

  • [UNIX] phpMyAdmin Variable Overwrite Vulnerability
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... phpMyAdmin Variable Overwrite Vulnerability ... vulnerability in PHP5 and a local file include vulnerability in PHP4. ...
    (Securiteam)
  • [NT] RealTek HD Audio Codec Driver Local Privilege Escalation
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... overwrite as we can see in the following piece of code, note the memory is ... memory overwrite to divert to flow towards a ring0 shellcode. ... missing an important term in the equation to control the first ...
    (Securiteam)
  • [UNIX] WvTftpd Option Name Value Pairs Remote Root Heap Overflow (PoC Included)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... * wvtftpd version 0.9 and prior ... The overflow occurs in the file wvtftpserver.cc around line 535, ... * we overwrite a pointer that is freed before we get to trigger our ...
    (Securiteam)
  • [NT] eZ Multiple Packages Stack Overflow Vulnerability
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A stack-based buffer overflow problem seems ... to arise when an overly long request is made to the server, ... saved data which we can overwrite. ...
    (Securiteam)
  • [NT] Cross Application Scripting in Trend Micros Antivirus Software
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The SecuriTeam alerts list - Free, Accurate, Independent. ... When the product alerts the user of a possible virus, it creates an HTML ...
    (Securiteam)