Local Privilege Escalation in Tunnelblick by OpenVPN
CVE-2012-3485

Currently unrated

Key Information:

Vendor

Google
Status
Tunnelblick
Vendor
CVE Published:
26 August 2012

What is CVE-2012-3485?

Tunnelblick versions 3.3beta20 and earlier use argv[0] to determine the appropriate kernel module and executable file paths. This insecure reliance allows local users to exploit this behavior through an execl system call, potentially gaining elevated privileges on the system. Proper validation and handling of input parameters are critical to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.openwall.com/lists/oss-security/2012/08/14/1
mailing-listx_refsource_MLIST
http://git.zx2c4.com/Pwnnel-Blicker/tree/pwnnel-blicker-f...
x_refsource_MISC
http://code.google.com/p/tunnelblick/issues/detail?id=212
x_refsource_CONFIRM

EPSS Score

27% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.