CVE-2006-6979

Published: 08/02/2007 Updated: 16/06/2011
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The Ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows malicious users to execute arbitrary commands via shell metacharacters.

Vulnerable Product

amarok amarok

Vendor Advisories

Debian Bug report logs - #410850
CVE-2006-6980: magnatune shell escapes
Package: amarok; Maintainer for amarok is Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>; Source for amarok is src:amarok (PTS, buildd, popcon)
Reported by: ana@debian.org
Date: Tue, 13 Feb 2007 21:03:01 UTC
Severity: grave
Tags: patc ...