Sonata Conferencing Multiple Vulnerabilities
BID:1916
Info
Sonata Conferencing Multiple Vulnerabilities
| Bugtraq ID: | 1916 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Nov 07 2000 12:00AM |
| Updated: | Nov 07 2000 12:00AM |
| Credit: | This vulnerability was first reported to Bugtraq by Larry W. Cashdollar <[email protected]> |
| Vulnerable: |
Voyant Technologies Sonata 3.0 |
| Not Vulnerable: | |
Discussion
Sonata Conferencing Multiple Vulnerabilities
Sonata is a teleconferencing product developed by Voyant Technologies.
Two of Sonata's components contain vulnerabilities, the Application Server which runs on Solaris 2.x and the Bridging Server which runs on OS/2 Warp.
The Application Server is vulnerable to a possible root comprimise by an attacker enumerating default accounts using basic information gathering techniques (not detailed). The account information has poor password protection and weak file permissions with any passwords guessed being the same for all default installations of the product. In addition, xhost authentication is turned off allowing an remote attacker to log key strokes and capture screen shots of the X console. The Bridging server is also vulnerable to these same attacks with the default passwords being the same on both platforms and installations.
Sonata is a teleconferencing product developed by Voyant Technologies.
Two of Sonata's components contain vulnerabilities, the Application Server which runs on Solaris 2.x and the Bridging Server which runs on OS/2 Warp.
The Application Server is vulnerable to a possible root comprimise by an attacker enumerating default accounts using basic information gathering techniques (not detailed). The account information has poor password protection and weak file permissions with any passwords guessed being the same for all default installations of the product. In addition, xhost authentication is turned off allowing an remote attacker to log key strokes and capture screen shots of the X console. The Bridging server is also vulnerable to these same attacks with the default passwords being the same on both platforms and installations.
Exploit / POC
Sonata Conferencing Multiple Vulnerabilities
Please see discussion.
Please see discussion.
Solution / Fix
Sonata Conferencing Multiple Vulnerabilities
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Sonata Conferencing Multiple Vulnerabilities
References:
References: