CVE-2006-6979

Sažetak

The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters.

Reference

http://bugs.gentoo.org/show_bug.cgi?id=166901
http://bugs.kde.org/show_bug.cgi?id=138499
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html
http://secunia.com/advisories/23984
http://secunia.com/advisories/24159
http://secunia.com/advisories/24510
http://security.gentoo.org/glsa/glsa-200703-11.xml
http://www.securityfocus.com/bid/22568
http://www.vupen.com/english/advisories/2007/0613

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

16-06-2011 - 04:00

Objavljeno

08-02-2007 - 18:28