CVE-2006-6979
N/A
N/A
Summary
The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://secunia.com/advisories/23984
- http://www.vupen.com/english/advisories/2007/0613
- http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html
- http://bugs.gentoo.org/show_bug.cgi?id=166901
- http://secunia.com/advisories/24510
- http://www.securityfocus.com/bid/22568
- http://bugs.kde.org/show_bug.cgi?id=138499
- http://security.gentoo.org/glsa/glsa-200703-11.xml
- http://secunia.com/advisories/24159
References
- http://secunia.com/advisories/23984
- http://www.vupen.com/english/advisories/2007/0613
- http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html
- http://bugs.gentoo.org/show_bug.cgi?id=166901
- http://secunia.com/advisories/24510
- http://www.securityfocus.com/bid/22568
- http://bugs.kde.org/show_bug.cgi?id=138499
- http://security.gentoo.org/glsa/glsa-200703-11.xml
- http://secunia.com/advisories/24159
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.