Back to search
CVE-2014-2886
Published: Sep 18, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during installation of a VirtualBox extension pack.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
GLSA-201812-10
vendor-advisory
x_refsource_GENTOO
https://launchpad.net/bugs/1186676
x_refsource_MISC
http://savannah.nongnu.org/bugs/?40023
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now