MidnightBSD

Advisories for cstr

CVE-2010-3996 MEDIUM

festival_server in Centre for Speech Technology Research (CSTR) Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cstr festival 1.4.2
cstr festival 1.4.3
cstr festival 1.95
cstr festival *
cstr festival 1.4.1
cstr festival 1.96