Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2007-4074

Date: July 30, 2007

The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute arbitrary commands via the local daemon on port 1314, a different vulnerability than CVE-2001-0956. NOTE: this issue is local in some environments, but remote on others.

Severity Score

Related Resources (11)

http://secunia.com/advisories/27271
https://exchange.xforce.ibmcloud.com/vulnerabilities/35606
https://people.canonical.com/~ubuntu-security/cve/CVE-2007-4074
http://secunia.com/advisories/26229
http://www.securityfocus.com/archive/1/490465/100/0/threaded
http://www.securityfocus.com/bid/25069
http://security.gentoo.org/glsa/glsa-200707-10.xml
https://nvd.nist.gov/vuln/detail/CVE-2007-4074
http://bugs.gentoo.org/show_bug.cgi?id=170477
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
https://www.mend.io/vulnerability-database/CVE-2007-4074

Severity Score

Weakness Type (CWE)

Configuration

CWE-16

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): COMPLETE
Integrity (I): COMPLETE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us