CVE-2006-6979

Amarok - OS Command Injection via Magnatune Ruby Handler

Title source: llm
STIX 2.1

Description

The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters.

References (9)

Core 9
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23984
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0613
Vendor Advisory vendor-advisory x_refsource_suse
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html
Issue Tracking x_refsource_misc
http://bugs.gentoo.org/show_bug.cgi?id=166901
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24510
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22568
Vendor Advisory x_refsource_misc
http://bugs.kde.org/show_bug.cgi?id=138499
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200703-11.xml
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24159

Scores

EPSS 0.0232
EPSS Percentile 81.5%

Details

CWE
CWE-20
Status published
Products (1)
amarok/amarok
Published Feb 08, 2007
Tracked Since Feb 18, 2026