Local File Deletion Vulnerability in Tunnelblick by The Tunnelblick Project
CVE-2012-4676

Currently unrated

Key Information:

Vendor

Google
Status
Tunnelblick
Vendor
CVE Published:
26 August 2012

What is CVE-2012-4676?

The Tunnelblick application, specifically versions 3.3beta20 and earlier, contains a vulnerability in the errorExitIfAttackViaString function, which allows local users to exploit symlink or hard link vulnerabilities. By leveraging this flaw, unauthorized users can delete arbitrary files within the file system, posing a significant risk to data integrity and system stability. This issue highlights the security concerns surrounding local access and the implications of improper file handling mechanisms.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.openwall.com/lists/oss-security/2012/08/14/1
mailing-listx_refsource_MLIST
http://code.google.com/p/tunnelblick/issues/detail?id=212
x_refsource_CONFIRM
http://archives.neohapsis.com/archives/fulldisclosure/201...
mailing-listx_refsource_FULLDISC

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.