
Festival: Privilege elevation


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200707-10 / festival
Release Date: July 25, 2007
Latest Revision: July 25, 2007: 01
Impact: high
Exploitable: local

Package: app-accessibility/festival
Vulnerable versions: < 1.95_beta-r4
Unaffected versions: >= 1.95_beta-r4
Architecture(s): All supported architectures

Related bugreports: #170477


A vulnerability has been discovered in Festival, allowing for a local privilege escalation.

2.  Impact Information


Festival is a text-to-speech accessibility program.


Konstantine Shirow reported a vulnerability in default Gentoo configurations of Festival. The daemon is configured to run with root privileges and to listen on localhost, without requiring a password.


A local attacker could gain root privileges by connecting to the daemon and executing arbitrary commands.

3.  Resolution Information


Set a password in the configuration file /etc/festival/server.scm by adding the line: (set! server_passwd password)


All Festival users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-accessibility/festival-1.95_beta-r4"
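
An added check for the workaround above, not part of the advisory or of Festival: the function reports whether a server.scm sets a non-nil server_passwd and whether the file is world-readable, since a password any local user can read does not stop a local attacker. The function name, return codes and sample files are constructed for this example, and treating nil as "no password" is an assumption about Festival's configuration semantics.

```sh
#!/bin/sh
# Added example: audit a Festival server.scm for the GLSA 200707-10 workaround.
# Return codes (chosen for this example):
#   0 = non-nil server_passwd set and file not world-readable
#   1 = server_passwd absent, commented out, or nil (assumed "no password")
#   2 = file missing or unreadable
#   3 = server_passwd set, but the file is world-readable

audit_festival_passwd() {
    conf=${1:-/etc/festival/server.scm}
    [ -r "$conf" ] || return 2

    # Drop Scheme ';' comments, then keep the last (set! server_passwd X):
    # a later set! overrides an earlier one.
    value=$(sed 's/;.*$//' "$conf" |
        sed -n 's/.*(set![[:space:]]\{1,\}server_passwd[[:space:]]\{1,\}\([^[:space:])]\{1,\}\).*/\1/p' |
        tail -n 1)

    case $value in
        ''|nil) return 1 ;;
    esac

    # -perm -004 matches when the "other" read bit is set; -L follows symlinks.
    if [ -n "$(find -L "$conf" -perm -004 2>/dev/null)" ]; then
        return 3
    fi
    return 0
}

# Constructed sample configs (not taken from a real system).
demo_dir=$(mktemp -d)
printf '%s\n' '; sample without a password' '(set! server_passwd nil)' \
    > "$demo_dir/unprotected.scm"
printf '%s\n' '(set! server_passwd "CHANGE-ME")' > "$demo_dir/protected.scm"
chmod 600 "$demo_dir/protected.scm"

for f in "$demo_dir"/*.scm; do
    rc=0
    audit_festival_passwd "$f" || rc=$?
    echo "$(basename "$f"): audit result $rc"
done
rm -rf "$demo_dir"
```

Called with no argument, the function audits /etc/festival/server.scm, the path named in the advisory.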


Page updated July 25, 2007

Summary: This is a Gentoo Linux Security Advisory

Security Team