Privilege Escalation in Tunnelblick by OpenVPN Technology

CVE-2012-3484

Summary

Tunnelblick versions 3.3beta20 and earlier allow local users to bypass intended access restrictions due to insufficient checks on ownership and permissions for executables. This vulnerability enables users to execute arbitrary programs via a user-mountable image or a network share, potentially compromising system integrity and security.

References