VULHUB ™

Sonata is a teleconferencing product developed by Voyant Technologies. Two of Sonata's components contain vulnerabilities, the Application Server which runs on Solaris 2.x and the Bridging Server which runs on OS/2 Warp. The Application Server is vulnerable to a possible root comprimise by an attacker enumerating default accounts using basic information gathering techniques (not detailed). The account information has poor password protection and weak file permissions with any passwords guessed being the same for all default installations of the product. In addition, xhost authentication is turned off allowing an remote attacker to log key strokes and capture screen shots of the X console. The Bridging server is also vulnerable to these same attacks with the default passwords being the same on both platforms and installations.

Sonata is a teleconferencing product developed by Voyant Technologies. Two of Sonata's components contain vulnerabilities, the Application Server which runs on Solaris 2.x and the Bridging Server which runs on OS/2 Warp. The Application Server is vulnerable to a possible root comprimise by an attacker enumerating default accounts using basic information gathering techniques (not detailed). The account information has poor password protection and weak file permissions with any passwords guessed being the same for all default installations of the product. In addition, xhost authentication is turned off allowing an remote attacker to log key strokes and capture screen shots of the X console. The Bridging server is also vulnerable to these same attacks with the default passwords being the same on both platforms and installations.