Local File Deletion Vulnerability in Tunnelblick by The Tunnelblick Project
CVE-2012-4676

Currently unrated

Key Information:

Vendor: Google
Status: Tunnelblick
Vendor: CVE Published:; 26 August 2012

Summary

The Tunnelblick application, specifically versions 3.3beta20 and earlier, contains a vulnerability in the errorExitIfAttackViaString function, which allows local users to exploit symlink or hard link vulnerabilities. By leveraging this flaw, unauthorized users can delete arbitrary files within the file system, posing a significant risk to data integrity and system stability. This issue highlights the security concerns surrounding local access and the implications of improper file handling mechanisms.

References

http://www.openwall.com/lists/oss-security/2012/08/14/1

mailing-listx_refsource_MLIST

http://code.google.com/p/tunnelblick/issues/detail?id=212

x_refsource_CONFIRM

http://archives.neohapsis.com/archives/fulldisclosure/201...

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 26, 2012