Vulnerability Details: CVE-2007-4074
The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute arbitrary commands via the local daemon on port 1314, a different vulnerability than CVE-2001-0956. NOTE: this issue is local in some environments, but remote on others.
Products affected by CVE-2007-4074
- cpe:2.3:o:suse:suse_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:centre_for_speech_technology_research:gentoo_linux:festival_1.95_beta:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-4074
- EPSS score: 2.49% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~90% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-4074
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2007-4074
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-4074
- http://www.securityfocus.com/archive/1/490465/100/0/threaded
- http://bugs.gentoo.org/show_bug.cgi?id=170477
  170477 – app-accessibility/festival: privilege elevation with current default setup
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35606
  Gentoo Festival privilege escalation CVE-2007-4074 Vulnerability Report
- http://security.gentoo.org/glsa/glsa-200707-10.xml
  Festival: Privilege elevation (GLSA 200707-10) — Gentoo security
- http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
  [security-announce] SUSE Security Summary Report SUSE-SR:2007:021 - openSUSE Security Announce - openSUSE Mailing Lists
- http://www.securityfocus.com/bid/25069