FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-18 19:03:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
d4a7054a-6d96-11d9-a9e7-0001020eed82yamt -- arbitrary command execution vulnerability

Manigandan Radhakrishnan discovered a security vulnerability in YAMT which can lead to execution of arbitrary commands with the privileges of the user running YAMT when sorting based on MP3 tags. The problem exist in the id3tag_sort() routine which does not properly sanitize the artist tag from the MP3 file before using it as an argument to the mv command.


Discovery 2004-12-15
Entry 2005-01-23
Modified 2005-01-25
yamt
< 0.5_2

11999
CVE-2004-1302
http://tigger.uic.edu/~jlongs2/holes/yamt.txt
99b5cfa5-d3d2-11d9-8ffb-00061bc2ad93yamt -- buffer overflow and directory traversal issues

Stanislav Brabec discovered errors in yamt's path name handling that lead to buffer overflows and directory traversal issues. When processing a file with a maliciously crafted ID3 tag, yamt might overwrite arbitrary files or possibly execute arbitrary code.

The SuSE package ChangeLog contains:

  • Several security fixes (#49337):
  • directory traversal in rename
  • directory traversal in sort
  • buffer overflow in sort
  • buffer overflow in rename

Discovery 2005-01-20
Entry 2005-06-03
yamt
< 0.5_2

CVE-2005-1846
CVE-2005-1847
http://rpmfind.net/linux/RPM/suse/updates/8.2/i386/rpm/i586/yamt-0.5-1277.i586.html
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/yamt-0.5-1277.src.rpm