CVE Vulnerability

CVE-2007-4074

The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute arbitrary commands via the local daemon on port 1314, a different vulnerability than CVE-2001-0956. NOTE: this issue is local in some environments, but remote on others.

10 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://bugs.gentoo.org/show_bug.cgi?id=170477
http://security.gentoo.org/glsa/glsa-200707-10.xml
http://www.securityfocus.com/bid/25069
http://secunia.com/advisories/26229 Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
http://secunia.com/advisories/27271 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/35606
http://www.securityfocus.com/archive/1/490465/100/0/threaded
Configurations

Configuration 1

cpe:2.3:o:suse:suse_linux:*:*:*:*:*:*:*:*
cpe:2.3:o:centre_for_speech_technology_research:gentoo_linux:festival_1.95_beta:*:*:*:*:*:*:*
Information

Published : 2007-07-30 05:30

Updated : 2018-10-15 09:33

NVD link : CVE-2007-4074

Mitre link : CVE-2007-4074

Products Affected
No products.
CWE
CWE-16