Home page logo
/

bugtraq logo Bugtraq mailing list archives

Medium security hole affecting Festival on Debian unstable/testing and Ubuntu Hardy Heron
From: Tim Brown <timb () nth-dimension org uk>
Date: Fri, 4 Apr 2008 00:23:56 +0100

It has been recently been identified that the Festival text to speech server 
was vulnerable to unauthenticated remote code execution.  Further research 
indicated that this vulnerability has already been reported as a local 
privilege escalation against both the Gentoo and SuSE GNU/Linux distributions 
and had assigned CVE-2007-4074.  The remote form of this vulnerability was 
originally identified in the default configuration of Festival 1.96~beta-5 as 
distributed in Debian unstable but Ubuntu Hardy Heron was also affected. Both 
Debian and Ubuntu have since released patches to resolve this flaw.  An 
advisory for this flaw which provides further information is attached.  A 
short analysis of Debian's response can be found at 
http://www.nth-dimension.org.uk/blog.php?id=68.

Cheers,
Tim
-- 
Tim Brown
<mailto:timb () nth-dimension org uk>
<http://www.nth-dimension.org.uk/>

Attachment: NDSA20080215.txt.asc
Description:


  By Date           By Thread  

Current thread:
  • Medium security hole affecting Festival on Debian unstable/testing and Ubuntu Hardy Heron Tim Brown (Apr 04)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]