CVE-2012-3485

Currently unrated

Key Information:

Vendor: Google
Status: Tunnelblick
Vendor: CVE Published:; 26 August 2012

Summary

Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call.

References

http://www.openwall.com/lists/oss-security/2012/08/14/1

mailing-listx_refsource_MLIST

http://git.zx2c4.com/Pwnnel-Blicker/tree/pwnnel-blicker-f...

x_refsource_MISC

http://code.google.com/p/tunnelblick/issues/detail?id=212

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 26, 2012
Vulnerability Reserved
Jun 14, 2012

Collectors

NVD DatabaseMitre Database