Lucene search

[email protected]CVE-2006-6979

HistoryFeb 08, 2007 - 6:28 p.m.

CVE-2006-6979

2007-02-0818:28:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2006-6979

ruby handlers

magnatune component

amarok

arbitrary commands

shell metacharacters

nvd

7.5 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.7%

JSON

The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters.

Affected configurations

NVD

Node

amarokamarok

CPENameOperatorVersion
amarok:amarokamarokeq*

CPE	Name	Operator	Version
amarok:amarok	amarok	eq	*

References

bugs.gentoo.org/show_bug.cgi?id=166901

bugs.kde.org/show_bug.cgi?id=138499

lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html

secunia.com/advisories/23984

secunia.com/advisories/24159

secunia.com/advisories/24510

security.gentoo.org/glsa/glsa-200703-11.xml

www.securityfocus.com/bid/22568

www.vupen.com/english/advisories/2007/0613

7.5 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.7%

JSON

Related for CVE-2006-6979

openvas2 cvelist1 nvd1 debiancve1 ubuntucve1 securityvulns1