FreeBSD : yamt -- arbitrary command execution vulnerability (d4a7054a-6d96-11d9-a9e7-0001020eed82)

Critical Nessus Plugin ID 19134


The remote FreeBSD host is missing a security-related update.


Manigandan Radhakrishnan discovered a security vulnerability in YAMT which can lead to execution of arbitrary commands with the privileges of the user running YAMT when sorting based on MP3 tags. The problem exist in the id3tag_sort() routine which does not properly sanitize the artist tag from the MP3 file before using it as an argument to the mv command.


Update the affected package.

See Also

Plugin Details

Severity: Critical

ID: 19134

File Name: freebsd_pkg_d4a7054a6d9611d9a9e70001020eed82.nasl

Version: $Revision: 1.14 $

Type: local

Published: 2005/07/13

Modified: 2013/08/09

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:yamt, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 2005/01/23

Vulnerability Publication Date: 2004/12/15

Reference Information

CVE: CVE-2004-1302

BID: 11999