Unrated severityNVD Advisory· Published Sep 18, 2014· Updated May 6, 2026

CVE-2014-2886

Description

GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during installation of a VirtualBox extension pack.

Affected products

Nongnu/Gksu
cpe:2.3:a:nongnu:gksu:2.0.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

community.rapid7.com/community/metasploit/blog/2014/07/07/virtualbox-filename-command-execution-via-gksunvdExploit
savannah.nongnu.org/bugs/nvd
launchpad.net/bugs/1186676nvd
security.gentoo.org/glsa/201812-10nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000