GKSu sudo-mode gksu-run-helper Argument Command Execution Vulnerability [CVE-2014-2886]

CVE Number – CVE-2014-2886

A vulnerability in the gksu-run-helper argument of GKSu could allow an unauthenticated, remote attacker to execute arbitrary commands on a targeted system.The vulnerability exists in the gksu-run-helper argument of the affected software and is due to insufficient validation of user-supplied input when sudo-mode is not enabled. An attacker could exploit this vulnerability by persuading a user to install a malicious extension pack on the targeted system. A successful exploit could allow the attacker to execute arbitrary commands, which could be used to conduct further attacks.Proof-of-concept code that exploits this vulnerability is publicly available.The vendor has confirmed the vulnerability; however, software updates are not available.

Analysis

• To exploit this vulnerability, the attacker must use misleading language or instructions to persuade a user on targeted system to install a malicious extension pack.

Safeguards

• Administrators are advised to contact the vendor regarding future updates and releases.Administrators are advised to allow only trusted users to access local systems.Users are advised not to open unsolicited email attachments. Users should verify that attachments are safe before opening them.Administrators are advised to monitor affected systems.

Vendor Announcements

• The vendor has released a bug report at the following link: Bug #40023

Fixed Software

• At the time this alert was first published, the vendor had not released software updates.