J-Security Center

Title: Sonata Conferencing Multiple Vulnerabilities

Severity: HIGH

Description:

Sonata is a teleconferencing product developed by Voyant Technologies.

Two of Sonata's components contain vulnerabilities: the Application Server, which runs on Solaris 2.x, and the Bridging Server, which runs on OS/2 Warp.

The Application Server is vulnerable to a possible root compromise by an attacker who enumerates default accounts using basic information-gathering techniques (not detailed). The account information has poor password protection and weak file permissions, and any passwords guessed are the same for all default installations of the product. In addition, xhost authentication is turned off, allowing a remote attacker to log keystrokes and capture screenshots of the X console. The Bridging Server is also vulnerable to these same attacks, with the default passwords being the same on both platforms and installations.
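An administrator can check a host for the two configuration weaknesses named above, disabled X access control and loosely permissioned account files. The following is an added example, not part of the advisory or of the vendor's software; the file path passed to `audit` is supplied by the caller, since the advisory names none.

```shell
#!/bin/sh
# Added example: audit for the two misconfigurations the advisory names.
# No file paths come from the advisory; the caller supplies the path to check.

# Return 0 (finding) when `xhost` output, read on stdin, reports that
# X access control is disabled (the state left behind by `xhost +`).
x_access_open() {
    grep -qi '^access control disabled'
}

# Return 0 (finding) when the file is readable or writable by group or other.
# Returns 2 when the file does not exist.
loose_perms() {
    [ -e "$1" ] || return 2
    [ -n "$(find "$1" -prune \
        \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print)" ]
}

# audit FILE: report both conditions; exit status is the number of findings.
audit() {
    findings=0
    if command -v xhost >/dev/null 2>&1 && [ -n "${DISPLAY:-}" ]; then
        if xhost 2>/dev/null | x_access_open; then
            echo "FINDING: X access control disabled on $DISPLAY; run 'xhost -'"
            findings=$((findings + 1))
        fi
    else
        echo "NOTE: xhost or DISPLAY unavailable; X check skipped"
    fi
    if loose_perms "$1"; then
        echo "FINDING: $1 is accessible to group/other; restrict with chmod 600"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run the audit only when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit "$1"
fi
```

A clean host returns status 0; each finding also prints the corrective command. Default passwords still have to be changed separately, since no permission check detects them.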

Affected Products:

  • IBM OS/2 4.5.0 Warp
  • Voyant Technologies Sonata 3.0.0
