CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

18 Sep 2014 — GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during installation of a VirtualBox extension pack. • http://savannah.nongnu.org/bugs/?40023 • CWE-264: Permissions, Privileges, and Access Controls