Bug 534540 (CVE-2014-2886) - x11-libs/gksu: Improper sanitization of user-supplied input (CVE-2014-2886)
Status: RESOLVED FIXED
Alias: CVE-2014-2886
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa+ cve]
Keywords:
Depends on: 425156
Reported: 2015-01-03 22:37 UTC by GLSAMaker/CVETool Bot
Modified: 2018-12-30 21:19 UTC
Description GLSAMaker/CVETool Bot gentoo-dev 2015-01-03 22:37:33 UTC
CVE-2014-2886 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2886):
  GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters
  in a gksu-run-helper argument, which allows attackers to execute arbitrary
  commands in certain situations involving an untrusted substring within this
  argument, as demonstrated by an untrusted filename encountered during
  installation of a VirtualBox extension pack.
Comment 1 Michael Boyle 2017-06-16 03:13:21 UTC
@maintainers is this stable? Can we send to glsa?

Mike
Gentoo Security Padawan
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2018-12-11 13:59:43 UTC
Package is removed wrt #425156.
Comment 3 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-12-11 17:31:15 UTC
Removal GLSA opened.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2018-12-30 21:19:59 UTC
This issue was resolved and addressed in
 GLSA 201812-10 at https://security.gentoo.org/glsa/201812-10
by GLSA coordinator Thomas Deutschmann (whissi).