Vulnerability

    Sonata

Affected

    Voyant Technologies Sonata

Description

    Larry W. Cashdollar  by Vapid Labs  found following.   Sonata is a
    teleconfrencing solution developed  by Voyant Technologies.   This
    advisory  concerns  the  Sonata  application  server  and   bridge
    componet of  the Sonata  package.   The application  server is  an
    Ultra  Sparc  5  running  Solaris   2.x  as  required  by   Voyant
    technologies.  The bridge is an  IBM PC running OS/2 Warp.   These
    hosts are usually built in house by Voyant personnel and installed
    at customer locations by a field engineer.

    Six vulnerabilities have been found in the application server host
    and Sonata package, they are categorized below:

        1) Reused default user accounts and passwords.
        2) Easily guessable passwords.
        3) Poor file permissions.
        4) Lack of host hardening.
        5) X console authentication has been disabled.
        6) Hard coded default passwords.

    Vulnerable packages/systems:

        - Sonata v3.x on Solaris 2.x
        - Sonata bridge OS/2 Warp

    I. Application Server, Solaris 2.x

       By using available default services on the host an attacker can
       enumerate  accounts.  Using  this  easily  obtainable   account
       information combined with poor password selection and weak file
       permissions  a  remote  attacker  can  gain  root  access.  The
       passwords guessed  are the  default for  _all_ installations of
       Sonata.

       By default xhost authentication  is disabled allowing a  remote
       attacker to log key strokes  and capture screen shots of  the X
       console.

    II. Bridging Server, OS/2 Warp.

       These default passwords are  also re-used on the  bridging host
       (OS/2).  Which has telnet enabled for remote administration.

Solution

    Please contact Voyant technologies for assistance.