Bug#466146: festival: Default configuration allows unauthenticated remote code execution

Tue, 19 Feb 2008 03:19:06 -0800 

retitle 466146 festival: CVE-2007-4074 default configuration allows 
unauthenticated remote code execution
thanks

Hi Tim,
* Tim Brown <[EMAIL PROTECTED]> [2008-02-17 04:18]:
> Package: festival
> Version: 1.96~beta-5
> Severity: critical
> Tags: security
> Justification: root security hole
> 
> Nth Dimension Security Advisory (NDSA20080215)
> Date: 15th February 2008
> Author: Tim Brown <mailto:[EMAIL PROTECTED]>
> URL: <http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
> Product: Festival 1.96:beta July 2004 
> <http://www.cstr.ed.ac.uk/projects/festival.html>
> Vendor: Centre for Speech Technology Research, University of Edinburgh 
> <http://www.cstr.ed.ac.uk/>
> Risk: Medium
[...] 

CVE-2007-4074 was assigned to this issue.

======================================================
Name: CVE-2007-4074
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4074
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=170477
Reference: GENTOO:GLSA-200707-10
Reference: URL:http://security.gentoo.org/glsa/glsa-200707-10.xml
Reference: SUSE:SUSE-SR:2007:021
Reference: 
URL:http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
Reference: BID:25069
Reference: URL:http://www.securityfocus.com/bid/25069
Reference: SECUNIA:26229
Reference: URL:http://secunia.com/advisories/26229
Reference: SECUNIA:27271
Reference: URL:http://secunia.com/advisories/27271
Reference: XF:gentoo-festival-privilege-escalation(35606)
Reference: URL:http://xforce.iss.net/xforce/xfdb/35606

The default configuration of Centre for Speech Technology Research
(CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux is run
locally with elevated privileges without requiring authentication,
which allows context-dependent attackers to execute arbitrary commands
via the local daemon on port 1314, a different vulnerability than
CVE-2001-0956.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpUqhVlCUsyi.pgp
Description: PGP signature

Reply via email to