Description
The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute arbitrary commands via the local daemon on port 1314, a different vulnerability than CVE-2001-0956. NOTE: this issue is local in some environments, but remote on others.
References (8)
Core 8
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27271
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/490465/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25069
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200707-10.xml
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26229
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35606
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
Issue Tracking x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=170477
Scores
EPSS
0.0194
EPSS Percentile
83.7%
Details
CWE
CWE-16
Status
published
Products (2)
centre_for_speech_technology_research/gentoo_linux
festival_1.95_beta
suse/suse_linux
Published
Jul 30, 2007
Tracked Since
Feb 18, 2026