10
CVE-2007-4074
- EPSS 5.43%
- Veröffentlicht 30.07.2007 17:30:00
- Zuletzt bearbeitet 16.06.2026 22:43:21
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute arbitrary commands via the local daemon on port 1314, a different vulnerability than CVE-2001-0956. NOTE: this issue is local in some environments, but remote on others.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Centre For Speech Technology Research ≫ Gentoo Linux Versionfestival_1.95_beta
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.43% | 0.917 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
http://secunia.com/advisories/27271
http://bugs.gentoo.org/show_bug.cgi?id=170477
http://secunia.com/advisories/26229
http://security.gentoo.org/glsa/glsa-200707-10.xml
http://www.securityfocus.com/archive/1/490465/100/0/threaded
http://www.securityfocus.com/bid/25069
https://exchange.xforce.ibmcloud.com/vulnerabilities/35606