CVE-2006-6979

N/A Unknown

Published: February 08, 2007 Modified: April 23, 2026

Description

The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://bugs.gentoo.org/show_bug.cgi?id=166901

Source: cve@mitre.org

http://bugs.kde.org/show_bug.cgi?id=138499

Source: cve@mitre.org

Vendor Advisory

http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/23984

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/24159

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/24510

Source: cve@mitre.org

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200703-11.xml

Source: cve@mitre.org

http://www.securityfocus.com/bid/22568

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/0613

Source: cve@mitre.org

Vendor Advisory

http://bugs.gentoo.org/show_bug.cgi?id=166901