Vulnerability Name:

CVE-2007-4074 (CCN-35606)

Assigned:2007-07-25
Published:2007-07-25
Updated:2018-10-15
Summary:The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute arbitrary commands via the local daemon on port 1314, a different vulnerability than CVE-2001-0956.
Note: this issue is local in some environments, but remote on others.
CVSS v3 Severity:8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.2 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C)
4.6 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-16
Vulnerability Consequences:Gain Privileges
References:Source: CONFIRM
Type: UNKNOWN
http://bugs.gentoo.org/show_bug.cgi?id=170477

Source: MITRE
Type: CNA
CVE-2007-4074

Source: SUSE
Type: UNKNOWN
SUSE-SR:2007:021

Source: CCN
Type: SA26229
Gentoo festival Privilege Escalation

Source: SECUNIA
Type: Vendor Advisory
26229

Source: SECUNIA
Type: Vendor Advisory
27271

Source: GENTOO
Type: UNKNOWN
GLSA-200707-10

Source: CCN
Type: GLSA-200707-10
Festival: Privilege elevation

Source: CCN
Type: OSVDB ID: 38622
CSTR Festival on Linux Unauthenticated Arbitrary Command Execution

Source: BUGTRAQ
Type: UNKNOWN
20080403 Medium security hole affecting Festival on Debian unstable/testing and Ubuntu Hardy Heron

Source: BID
Type: UNKNOWN
25069

Source: CCN
Type: BID-25069
Festival Insecure Command Local Privilege Escalation and Remote Code Execution Vulnerability

Source: XF
Type: UNKNOWN
gentoo-festival-privilege-escalation(35606)

Source: XF
Type: UNKNOWN
gentoo-festival-privilege-escalation(35606)

Source: SUSE
Type: SUSE-SR:2007:021
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/o:centre_for_speech_technology_research:gentoo_linux:festival_1.95_beta:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:*:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • AND
  • cpe:/o:suse:suse_linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20074074
    V
    CVE-2007-4074
    2015-11-16
    BACK
    centre_for_speech_technology_research gentoo linux festival_1.95_beta
    suse suse linux *
    gentoo linux *
    suse suse linux *