CVE-2014-2886

Name of the Vulnerable Software and Affected Versions GKSu version 2.0.2

Description The issue allows attackers to execute arbitrary commands in certain situations when an untrusted substring is present within a gksu-run-helper argument. This can occur, for example, during the installation of a VirtualBox extension pack when an untrusted filename is encountered.

Recommendations For GKSu version 2.0.2, consider enabling sudo-mode to mitigate the risk of arbitrary command execution. As a temporary workaround, restrict the use of gksu-run-helper with untrusted filenames until a patch is available.