Local privilege escalation vulnerability in Tunnelblick by OpenVPN Technologies
CVE-2012-3483

Currently unrated

Key Information:

Vendor: Google
Status: Tunnelblick
Vendor: CVE Published:; 26 August 2012

Summary

A flaw exists within the runScript function in Tunnelblick versions 3.3beta20 and earlier that allows local users to exploit a race condition. By manipulating a script file, these users can gain elevated privileges on the system, potentially leading to unauthorized actions and compromising system integrity. This vulnerability emphasizes the necessity for secure coding practices to mitigate race conditions effectively.

References

http://www.openwall.com/lists/oss-security/2012/08/14/1

mailing-listx_refsource_MLIST

http://code.google.com/p/tunnelblick/issues/detail?id=212

x_refsource_CONFIRM

http://git.zx2c4.com/Pwnnel-Blicker/tree/pwnnel-blicker.c

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 26, 2012