Sonata Local Arbitrary Command Excution Vulnerability
BID:2125
Info
Sonata Local Arbitrary Command Excution Vulnerability
| Bugtraq ID: | 2125 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 18 2000 12:00AM |
| Updated: | Dec 18 2000 12:00AM |
| Credit: | reported to bugtraq by Larry W. Cashdollar <[email protected]> on 18 Dec 2000 |
| Vulnerable: |
Voyant Technologies Sonata 3.0 |
| Not Vulnerable: | |
Discussion
Sonata Local Arbitrary Command Excution Vulnerability
Users of Sonata, a voice conferencing switch from Voyant Technologies, may be vulnerable to a local compromise of root privileges.
Sonata comes with a program installed setuid root that will execute supplied arguments. As installed, it is exectuable by all users. As a result, host security can be readily compromised by a malicious local user.
Users of Sonata, a voice conferencing switch from Voyant Technologies, may be vulnerable to a local compromise of root privileges.
Sonata comes with a program installed setuid root that will execute supplied arguments. As installed, it is exectuable by all users. As a result, host security can be readily compromised by a malicious local user.
Exploit / POC
Sonata Local Arbitrary Command Excution Vulnerability
Currently the SecurityFocus staff are not aware of any publicly available exploits for this vulnerability. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any publicly available exploits for this vulnerability. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Sonata Local Arbitrary Command Excution Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Sonata Local Arbitrary Command Excution Vulnerability
References:
References: