Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2014-2886HistorySep 18, 2014 - 10:55 a.m.
CVE-2014-2886
2014-09-1810:55:00
Debian Security Bug Tracker
security-tracker.debian.org
13
EPSS
0.006
Percentile
78.0%
GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during installation of a VirtualBox extension pack.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | all | gksu | <= 2.0.2-9 | gksu_2.0.2-9_all.deb |
Related
ubuntucve
ubuntucve
CVE-2014-2886
2014-09-18 00:00:00
gentoo
gentoo
GKSu: Arbitrary command execution
2018-12-30 00:00:00
nvd
nvd
CVE-2014-2886
2014-09-18 10:55:08
CVE-2014-2943
2014-08-15 11:15:43
prion
prion
Design/Logic Flaw
2014-09-18 10:55:00
Design/Logic Flaw
2014-08-15 11:15:00
nessus
nessus
GLSA-201812-10 : GKSu: Arbitrary command execution
2018-12-31 00:00:00
cve
cve
CVE-2014-2886
2014-09-18 10:55:08
CVE-2014-2943
2014-08-15 11:15:43
cvelist
cvelist
CVE-2014-2886
2014-09-18 10:00:00