yamt -- arbitrary command execution vulnerability

ID D4A7054A-6D96-11D9-A9E7-0001020EED82
Type freebsd
Reporter FreeBSD
Modified 2005-01-25T00:00:00


Manigandan Radhakrishnan discovered a security vulnerability in YAMT which can lead to execution of arbitrary commands with the privileges of the user running YAMT when sorting based on MP3 tags. The problem exist in the id3tag_sort() routine which does not properly sanitize the artist tag from the MP3 file before using it as an argument to the mv command.