Metric | Value |
---|---|
AI Score | 7.5 High |
Confidence | High |
CVSS2 | 7.5 High |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
EPSS | 0.013 Low |
Percentile | 85.7% |

The Ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters.

CPE | Name | Operator | Version |
---|---|---|---|
amarok:amarok | amarok | eq | * |
bugs.gentoo.org/show_bug.cgi?id=166901
bugs.kde.org/show_bug.cgi?id=138499
lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html
secunia.com/advisories/23984
secunia.com/advisories/24159
secunia.com/advisories/24510
security.gentoo.org/glsa/glsa-200703-11.xml
www.securityfocus.com/bid/22568
www.vupen.com/english/advisories/2007/0613