Local Privilege Escalation in Tunnelblick by OpenVPN
CVE-2012-3485

Currently unrated

Key Information:

Vendor: Google
CVE Published: 26 August 2012

Summary

Tunnelblick versions 3.3beta20 and earlier use argv[0] to determine the appropriate kernel module and executable file paths. Because argv[0] is supplied by whoever invokes the program, this reliance is insecure: local users can exploit it through an execl system call, potentially gaining elevated privileges on the system. Proper validation and handling of input parameters are critical to mitigate this vulnerability.
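The pattern described in the summary next to a hardened alternative, as an added example that is not Tunnelblick's own code. TRUSTED_DIR, the function names and the file names "helper" and "module.kext" are hypothetical, and the sample argv[0] is constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Assumed install directory for this example; not Tunnelblick's real path. */
#define TRUSTED_DIR "/opt/example-vpn/Resources"

/* Weak pattern: take the directory part of argv[0]. The process that
 * calls exec*() picks argv[0], so this directory is caller-controlled. */
int dir_from_argv0(const char *argv0, char *out, size_t n) {
    const char *slash = strrchr(argv0, '/');
    size_t len = slash ? (size_t)(slash - argv0) : 0;
    if (len == 0 || len >= n) return -1;
    memcpy(out, argv0, len);
    out[len] = '\0';
    return 0;
}

/* Hardened pattern: fixed directory plus a bare file name; argv[0] unused. */
int trusted_path(const char *name, char *out, size_t n) {
    if (name[0] == '\0' || strchr(name, '/') != NULL ||
        strcmp(name, ".") == 0 || strcmp(name, "..") == 0) return -1;
    int w = snprintf(out, n, "%s/%s", TRUSTED_DIR, name);
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}

/* Gate before loading or executing: a regular file (not a symlink), owned
 * by root, not writable by group or others. Parent directories need the
 * same ownership and mode for this check to mean anything. */
int is_root_owned_and_locked(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0) return 0;
    return S_ISREG(st.st_mode) && st.st_uid == 0 &&
           (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

int main(void) {
    char buf[256];
    /* Constructed argv[0] value for illustration. */
    if (dir_from_argv0("/tmp/constructed/helper", buf, sizeof buf) == 0)
        printf("argv[0]-derived directory: %s\n", buf);
    if (trusted_path("module.kext", buf, sizeof buf) == 0)
        printf("fixed path: %s (usable: %d)\n", buf, is_root_owned_and_locked(buf));
    return 0;
}
```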

EPSS Score

25% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved