FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-1302

This CVE name corresponds to:

Entered     Topic
2005-01-23  yamt -- arbitrary command execution vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2004-1302
Phase  Assigned (20041220)

Description

The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote attackers to execute arbitrary commands via an MP3 file with double quotes in the Artist tag.

References

Source    Reference
MISC      http://tigger.uic.edu/~jlongs2/holes/yamt.txt
CONFIRM   http://rpmfind.net/linux/RPM/suse/updates/8.2/i386/rpm/i586/yamt-0.5-1277.i586.html
BID       11999
SECTRACK  1012583
SECUNIA   13554
XF        yamt-id3tagsort-bo(18614)