Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2006-6979HistoryFeb 08, 2007 - 6:28 p.m.
CVE-2006-6979
2007-02-0818:28:00
Debian Security Bug Tracker
security-tracker.debian.org
10
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.013 Low
EPSS
Percentile
85.7%
The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 999 | all | amarok | < 1.4.4-1 | amarok_1.4.4-1_all.deb |
| Debian | 13 | all | amarok | < 1.4.4-1 | amarok_1.4.4-1_all.deb |
Related
openvas
openvas
Gentoo Security Advisory GLSA 200703-11 (amarok)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200703-11 (amarok)
2008-09-24 00:00:00
ubuntucve
ubuntucve
CVE-2006-6979
2007-02-08 00:00:00
cve
cve
CVE-2006-6979
2007-02-08 18:28:00
cvelist
cvelist
CVE-2006-6979
2007-02-08 18:00:00
nvd
nvd
CVE-2006-6979
2007-02-08 18:28:00
securityvulns
securityvulns
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.013 Low
EPSS
Percentile
85.7%
Related for DEBIANCVE:CVE-2006-6979