The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute arbitrary commands via the local daemon on port 1314, a different vulnerability than CVE-2001-0956. NOTE: this issue is local in some environments, but remote on others.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2007-07-30T17:00:00
Updated: 2024-08-07T14:37:06.107Z
Reserved: 2007-07-30T00:00:00
Link: CVE-2007-4074
Vulnrichment
No data.
NVD
Status : Modified
Published: 2007-07-30T17:30:00.000
Modified: 2024-11-21T00:34:43.307
Link: CVE-2007-4074
Redhat
No data.