CVE-2007-4074

General

Score: 10.0/10.0
Severity: High
Category: Configuration Error
Exploit: Available

Impact Metrics

Confidentiality: Complete
Integrity: Complete
Availability: Complete

Exploitability Metrics

Access Vector: Network
Access Complexity: Low
Authentication: None

Published on 30/07/07 - Updated on 29/07/17

Description

The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute arbitrary commands via the local daemon on port 1314, a different vulnerability than CVE-2001-0956. NOTE: this issue is local in some environments, but remote on others.

Category: Configuration Error

CWE-16 (Configuration)
Weaknesses in this category are typically introduced during the configuration of the software.

Security Notices

US National Vulnerability Database: CVE-2007-4074

Exploits

SecurityFocus: BID-25069

Related technologies

Vendor | Product
centre_for_speech_technology_research | gentoo_linux
suse | suse_linux
