Privilege Escalation Vulnerability in Tunnelblick by OpenVPN
CVE-2012-3486

Currently unrated

Key Information:

Vendor: Google
Status: Tunnelblick
Vendor: CVE Published:; 26 August 2012

Summary

Tunnelblick versions 3.3beta20 and earlier contain a vulnerability that allows local users to escalate privileges. This occurs when an OpenVPN configuration file is improperly set up to execute a script upon specific OpenVPN events. Malicious users can exploit this condition to gain elevated privileges, posing significant security risks to systems using Tunnelblick.

References

http://www.openwall.com/lists/oss-security/2012/08/14/1

mailing-listx_refsource_MLIST

http://code.google.com/p/tunnelblick/issues/detail?id=212

x_refsource_CONFIRM

http://archives.neohapsis.com/archives/fulldisclosure/201...

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 26, 2012