Bug 386319 (CVE-2010-3996)

Summary:	<app-accessibility/festival-2.1: library path loading vulnerability (CVE-2010-3996)
Product:	Gentoo Security	Reporter:	GLSAMaker/CVETool Bot <glsamaker>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	accessibility, neurogeek, sound
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B2 [glsa]
Package list:		Runtime testing required:	---

Description GLSAMaker/CVETool Bot gentoo-dev

2011-10-08 14:15:41 UTC

CVE-2010-3996 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3996):
  festival_server in Centre for Speech Technology Research (CSTR) Festival,
  probably 2.0.95-beta and earlier, places a zero-length directory name in the
  LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan
  horse shared library in the current working directory.


Please punt vulnerable versions and verify that the current one is fixed.

Comment 1 Jesus Rivero (RETIRED) gentoo-dev

2012-12-04 05:00:52 UTC

Dropped vulnerable versions from the tree.

Comment 2 Sean Amoss (RETIRED) gentoo-dev

2012-12-04 22:53:49 UTC

Thanks, Jesus. 

Stabilization was performed in bug 380775 - last arch finished 2011-12-29.

Filing a new GLSA request.

Comment 3 GLSAMaker/CVETool Bot gentoo-dev

2013-12-09 06:24:39 UTC

This issue was resolved and addressed in
 GLSA 201312-06 at http://security.gentoo.org/glsa/glsa-201312-06.xml
by GLSA coordinator Chris Reffett (creffett).