FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-16 12:24:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID Description

VuXML ID	Description
99b5cfa5-d3d2-11d9-8ffb-00061bc2ad93	yamt -- buffer overflow and directory traversal issues Stanislav Brabec discovered errors in yamt's path name handling that lead to buffer overflows and directory traversal issues. When processing a file with a maliciously crafted ID3 tag, yamt might overwrite arbitrary files or possibly execute arbitrary code. The SuSE package ChangeLog contains: Several security fixes (#49337): directory traversal in rename directory traversal in sort buffer overflow in sort buffer overflow in rename Discovery 2005-01-20 Entry 2005-06-03 yamt < 0.5_2 CVE-2005-1846 CVE-2005-1847 http://rpmfind.net/linux/RPM/suse/updates/8.2/i386/rpm/i586/yamt-0.5-1277.i586.html ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/yamt-0.5-1277.src.rpm
d4a7054a-6d96-11d9-a9e7-0001020eed82	yamt -- arbitrary command execution vulnerability Manigandan Radhakrishnan discovered a security vulnerability in YAMT which can lead to execution of arbitrary commands with the privileges of the user running YAMT when sorting based on MP3 tags. The problem exist in the `id3tag_sort()` routine which does not properly sanitize the artist tag from the MP3 file before using it as an argument to the mv command. Discovery 2004-12-15 Entry 2005-01-23 Modified 2005-01-25 yamt < 0.5_2 11999 CVE-2004-1302 http://tigger.uic.edu/~jlongs2/holes/yamt.txt

99b5cfa5-d3d2-11d9-8ffb-00061bc2ad93

yamt -- buffer overflow and directory traversal issues

Stanislav Brabec discovered errors in yamt's path name handling that lead to buffer overflows and directory traversal issues. When processing a file with a maliciously crafted ID3 tag, yamt might overwrite arbitrary files or possibly execute arbitrary code.

The SuSE package ChangeLog contains:

Several security fixes (#49337):

directory traversal in rename

directory traversal in sort

buffer overflow in sort

buffer overflow in rename

Discovery 2005-01-20
Entry 2005-06-03
yamt

< 0.5_2

CVE-2005-1846
CVE-2005-1847
http://rpmfind.net/linux/RPM/suse/updates/8.2/i386/rpm/i586/yamt-0.5-1277.i586.html
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/yamt-0.5-1277.src.rpm

d4a7054a-6d96-11d9-a9e7-0001020eed82

yamt -- arbitrary command execution vulnerability

Manigandan Radhakrishnan discovered a security vulnerability in YAMT which can lead to execution of arbitrary commands with the privileges of the user running YAMT when sorting based on MP3 tags. The problem exist in the id3tag_sort() routine which does not properly sanitize the artist tag from the MP3 file before using it as an argument to the mv command.

Discovery 2004-12-15
Entry 2005-01-23
Modified 2005-01-25
yamt

< 0.5_2

11999
CVE-2004-1302
http://tigger.uic.edu/~jlongs2/holes/yamt.txt