FreeBSD : yamt -- arbitrary command execution vulnerability (d4a7054a-6d96-11d9-a9e7-0001020eed82)
Critical Nessus Plugin ID 19134
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionManigandan Radhakrishnan discovered a security vulnerability in YAMT which can lead to execution of arbitrary commands with the privileges of the user running YAMT when sorting based on MP3 tags. The problem exist in the id3tag_sort() routine which does not properly sanitize the artist tag from the MP3 file before using it as an argument to the mv command.
SolutionUpdate the affected package.