PT-2007-5277 · Cstr · Cstr Festival

Published: 2007-07-30 · Updated: 2018-10-15 · CVE-2007-4074

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: CSTR Festival version 1.95 beta (aka 2.0 beta)
Description: In its default configuration, CSTR Festival runs a local daemon on port 1314 with elevated privileges and without requiring authentication, which allows local and remote attackers to execute arbitrary commands through it. The issue is local in some environments and remote in others.
Recommendations: For version 1.95 beta (aka 2.0 beta), consider disabling the daemon on port 1314 until a proper configuration or patch is available to prevent unauthorized access and command execution. Restrict access to the daemon to minimize the risk of exploitation.
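To check the exposure this recommendation addresses, the following added example (not part of the original advisory or of Festival) classifies TCP listeners on port 1314 from the text printed by `ss -ltn`. The function name and the sample output are constructed for illustration.

```python
import ipaddress

FESTIVAL_PORT = 1314  # daemon port named in the advisory

# Constructed sample of `ss -ltn` output, not captured from a real host.
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5            0.0.0.0:1314      0.0.0.0:*
LISTEN 0      5              [::1]:1314         [::]:*
LISTEN 0      128        127.0.0.1:631       0.0.0.0:*
LISTEN 0      128                *:22              *:*
"""


def classify_listeners(ss_output, port=FESTIVAL_PORT):
    """Return [(local_address, exposure)] for TCP listeners on `port`.

    exposure is "remote" for a wildcard or non-loopback bind and "local"
    for a loopback-only bind. Both are findings: the advisory notes the
    issue can be local or remote depending on the environment.
    """
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header, blank line or non-listening socket
        addr, _, port_text = fields[3].rpartition(":")
        if port_text != str(port):
            continue
        # Drop a %interface scope first, then IPv6 brackets.
        host = addr.split("%")[0].strip("[]")
        exposure = "remote"  # default for wildcard or unparseable binds
        if host not in ("*", ""):
            try:
                if ipaddress.ip_address(host).is_loopback:
                    exposure = "local"
            except ValueError:
                pass  # unknown address form: keep the conservative default
        findings.append((fields[3], exposure))
    return findings


if __name__ == "__main__":
    for local_address, exposure in classify_listeners(SAMPLE):
        print(f"{local_address}: unauthenticated daemon port, {exposure} exposure")
```

On a real host, pass the output of `ss -ltn` to `classify_listeners` in place of `SAMPLE`; an empty result means nothing is listening on port 1314.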

Related Identifiers

CVE-2007-4074

Affected Products

Cstr Festival