FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

yamt -- arbitrary command execution vulnerability

Affected packages
yamt < 0.5_2

Details

VuXML ID d4a7054a-6d96-11d9-a9e7-0001020eed82
Discovery 2004-12-15
Entry 2005-01-23
Modified 2005-01-25

Manigandan Radhakrishnan discovered a security vulnerability in YAMT which can lead to execution of arbitrary commands with the privileges of the user running YAMT when sorting based on MP3 tags. The problem exist in the id3tag_sort() routine which does not properly sanitize the artist tag from the MP3 file before using it as an argument to the mv command.

References

Bugtraq ID 11999
CVE Name CVE-2004-1302
URL http://tigger.uic.edu/~jlongs2/holes/yamt.txt

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.