GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Wed Dec 25, 2013 11:03 am Post subject: [ GLSA 201312-06 ] Festival: Arbitrary code execution
Gentoo Linux Security Advisory
Title: Festival: Arbitrary code execution (GLSA 201312-06)
Severity: normal
Exploitable: remote
Date: December 09, 2013
Bug(s): #386319
ID: 201312-06
Synopsis
A vulnerability in Festival could result in arbitrary code
execution and privilege escalation.
Background
Festival is a Text to Speech Engine from The Centre for Speech
Technology Research.
Affected Packages
Package: app-accessibility/festival
Vulnerable: < 2.1
Unaffected: >= 2.1
Architectures: All supported architectures
Description
Festival Server sets an incorrect path in LD_LIBRARY_PATH, which
allows a local user to get a Trojan horse shared library loaded from
the current working directory.
Impact
A local attacker can cause a Trojan horse shared library to be executed,
potentially resulting in arbitrary code execution and privilege
escalation.
Workaround
There is no known workaround at this time.
Resolution
All Festival users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-accessibility/festival-2.1"
References
CVE-2010-3996
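The check below is an added example, not part of the advisory or of Festival's code: it audits an LD_LIBRARY_PATH value for entries that the glibc loader resolves against the current working directory (empty entries and relative paths), the class of mistake the Description refers to. It generalizes beyond Festival; the function names and /opt/example/lib are hypothetical, and the sample values are constructed.

```shell
#!/bin/sh
# Added example: audit an LD_LIBRARY_PATH value for entries that the
# dynamic loader resolves relative to the current working directory.

# check_ldpath VALUE
# Prints one line per unsafe entry; returns 1 if any was found, else 0.
check_ldpath() {
    value=$1
    # glibc ignores a variable that is set but completely empty.
    [ -n "$value" ] || return 0
    bad=0
    idx=0
    # Append a separator so a trailing empty entry survives the split.
    rest="$value:"
    while [ -n "$rest" ]; do
        entry=${rest%%[;:]*}   # text before the first ':' or ';'
        rest=${rest#*[;:]}     # remainder after that separator
        idx=$((idx + 1))
        case $entry in
            '') echo "entry $idx: empty (means current directory)"; bad=1 ;;
            /*) ;;             # absolute path: not CWD-relative
            *)  echo "entry $idx: relative path '$entry'"; bad=1 ;;
        esac
    done
    return $bad
}

# Two ways a launcher script can prepend its own library directory.
# $1 is the inherited LD_LIBRARY_PATH value (possibly empty).
# /opt/example/lib is a hypothetical path used only for illustration.
prepend_unsafe() { printf '%s\n' "/opt/example/lib:$1"; }      # trailing ':' when $1 is empty
prepend_safe()   { printf '%s\n' "/opt/example/lib${1:+:$1}"; } # separator only when needed
```

Running `check_ldpath "$LD_LIBRARY_PATH"` at the end of a wrapper script, or against the value found in `/proc/<pid>/environ` of a running service, flags the entries that would let a library in the working directory be picked up.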