Festival: Privilege elevation — GLSA 200707-10

A vulnerability has been discovered in Festival, allowing for a local privilege escalation.

Affected packages

app-accessibility/festival on all architectures
Affected versions < 1.95_beta-r4
Unaffected versions >= 1.95_beta-r4

Background

Festival is a text-to-speech accessibility program.

Description

Konstantine Shirow reported a vulnerability in default Gentoo configurations of Festival. The daemon is configured to run with root privileges and to listen on localhost, without requiring a password.

Impact

A local attacker could gain root privileges by connecting to the daemon and execute arbitrary commands.

Workaround

Set a password in the configuration file /etc/festival/server.scm by adding the line: (set! server_passwd password)

Resolution

All Festival users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-accessibility/festival-1.95_beta-r4"

References

Release date
July 25, 2007

Latest revision
July 25, 2007: 01

Severity
high

Exploitable
local

Bugzilla entries