Unrated severityNVD Advisory· Published Jul 30, 2007· Updated Apr 23, 2026

CVE-2007-4074

Description

The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute arbitrary commands via the local daemon on port 1314, a different vulnerability than CVE-2001-0956. NOTE: this issue is local in some environments, but remote on others.

Affected products

Centre For Speech Technology Research/Gentoo Linux
cpe:2.3:o:centre_for_speech_technology_research:gentoo_linux:festival_1.95_beta:*:*:*:*:*:*:*
SUSE S.A./Linux
cpe:2.3:o:suse:suse_linux:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/26229nvdVendor Advisory
secunia.com/advisories/27271nvdVendor Advisory
bugs.gentoo.org/show_bug.cginvd
lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.htmlnvd
security.gentoo.org/glsa/glsa-200707-10.xmlnvd
www.securityfocus.com/archive/1/490465/100/0/threadednvd
www.securityfocus.com/bid/25069nvd
exchange.xforce.ibmcloud.com/vulnerabilities/35606nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000