CVE-2006-6979

Published: Feb 8, 2007Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters.

Affected (1)

Products: Amarok: Amarok

Amarok

1 product

Amarok

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Amarok Amarok	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (18)

http://bugs.gentoo.org/show_bug.cgi?id=166901

Source: cve@mitre.org

http://bugs.kde.org/show_bug.cgi?id=138499

Source: cve@mitre.org

Vendor Advisory

http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/23984

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/24159

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/24510

Source: cve@mitre.org

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200703-11.xml

Source: cve@mitre.org

http://www.securityfocus.com/bid/22568

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/0613

Source: cve@mitre.org

Vendor Advisory

http://bugs.gentoo.org/show_bug.cgi?id=166901