Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2007-4074 | First vendor Publication | 2007-07-30 |
Vendor | Cve | Last vendor Modification | 2018-10-15 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute arbitrary commands via the local daemon on port 1314, a different vulnerability than CVE-2001-0956. NOTE: this issue is local in some environments, but remote on others. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4074 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-16 | Configuration |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 | |
Os | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-13 | Name : SLES10: Security update for festival File : nvt/sles10_festival.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200707-10 (festival) File : nvt/glsa_200707_10.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
38622 | CSTR Festival on Linux Unauthenticated Arbitrary Command Execution: The Festival server is vulnerable to unauthenticated remote code execution. The Festival server, which can be started using festival --server, is vulnerable to unauthenticated remote command execution due to the inclusion of a Scheme interpreter. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_festival-4378.nasl - Type : ACT_GATHER_INFO |
2007-10-19 | Name : The remote openSUSE host is missing a security update. File : suse_festival-4377.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2021-05-04 12:06:12 | |
2021-04-22 01:06:44 | |
2020-05-23 00:20:13 | |
2018-10-16 00:19:11 | |
2017-07-29 12:02:26 | |
2016-04-26 16:25:54 | |
2014-02-17 10:41:10 | |
2013-05-11 10:33:07 | |