Gnu · Gksu · CVE-2014-2886
**Name of the Vulnerable Software and Affected Versions**
GKSu version 2.0.2
**Description**
The issue allows attackers to execute arbitrary commands in certain situations when an untrusted substring is present within a gksu-run-helper argument. This can occur, for example, during the installation of a VirtualBox extension pack when an untrusted filename is encountered.
**Recommendations**
For GKSu version 2.0.2, consider enabling sudo-mode to mitigate the risk of arbitrary command execution. As a temporary workaround, restrict the use of gksu-run-helper with untrusted filenames until a patch is available.