CVE-2006-6979

EPSS 1.07%
Published 08.02.2007 18:28:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters.

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Amarok ≫ Amarok

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.07%	0.77

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/23984

Vendor Advisory

http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html

Vendor Advisory

http://bugs.gentoo.org/show_bug.cgi?id=166901

http://bugs.kde.org/show_bug.cgi?id=138499

Vendor Advisory

http://secunia.com/advisories/24159

Vendor Advisory

http://secunia.com/advisories/24510

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200703-11.xml