Privilege Escalation in Tunnelblick by OpenVPN Technology
CVE-2012-3484

Currently unrated

Key Information:

Vendor: Google
Status: Tunnelblick
Vendor: CVE Published:; 26 August 2012

What is CVE-2012-3484?

Tunnelblick versions 3.3beta20 and earlier allow local users to bypass intended access restrictions due to insufficient checks on ownership and permissions for executables. This vulnerability enables users to execute arbitrary programs via a user-mountable image or a network share, potentially compromising system integrity and security.

References

http://www.openwall.com/lists/oss-security/2012/08/14/1

mailing-listx_refsource_MLIST

http://code.google.com/p/tunnelblick/issues/detail?id=212

x_refsource_CONFIRM

http://archives.neohapsis.com/archives/fulldisclosure/201...

mailing-listx_refsource_FULLDISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 26, 2012

Google

What is CVE-2012-3484?

References

Timeline