Race Condition Vulnerability in Tunnelblick by OpenVPN Technologies
CVE-2012-3487

Currently unrated

Key Information:

Vendor: Google
Status: Tunnelblick
Vendor: CVE Published:; 26 August 2012

What is CVE-2012-3487?

A race condition exists in Tunnelblick versions up to 3.3beta20 that allows local users to terminate unintended processes. By strategically waiting for a specific process identifier (PID) to be assigned, an attacker can disrupt legitimate operations, potentially leading to service denial or unauthorized actions within the application. This type of vulnerability underscores the importance of robust process handling and security measures to prevent exploitation in user environments.

References

http://www.openwall.com/lists/oss-security/2012/08/14/1

mailing-listx_refsource_MLIST

http://code.google.com/p/tunnelblick/issues/detail?id=212

x_refsource_CONFIRM

http://archives.neohapsis.com/archives/fulldisclosure/201...

mailing-listx_refsource_FULLDISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 26, 2012

Google

What is CVE-2012-3487?

References

Timeline