Lucene search
RedhatCVE-2012-3485HistoryAug 26, 2012 - 7:55 p.m.
CVE-2012-3485
2012-08-2619:55:02
CWE-20
redhat
web.nvd.nist.gov
23
cve-2012-3485
tunnelblick
kernel module
executable file
privilege escalation
security vulnerability
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.5
Confidence
Low
EPSS
0.002
Percentile
57.0%
Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call.
Affected configurations
Node
googletunnelblickRange≤3.3beta20
| Vendor | Product | Version | CPE |
|---|---|---|---|
| tunnelblick | * | cpe:2.3:a:google:tunnelblick:*:*:*:*:*:*:*:* |
Related
d2
d2
DSquare Exploit Pack: D2SEC_TUNNELBLICK
2012-08-26 19:55:00
metasploit
metasploit
Setuid Tunnelblick Privilege Escalation
2013-03-03 18:48:12
cvelist
cvelist
CVE-2012-3485
2012-08-26 19:00:00
CVE-2012-4676
2012-08-26 19:00:00
exploitdb
exploitdb
Tunnelblick - Setuid Privilege Escalation (Metasploit)
2013-03-05 00:00:00
Tunnelblick - Local Privilege Escalation (2)
2012-08-11 00:00:00
nvd
nvd
CVE-2012-3485
2012-08-26 19:55:02
CVE-2012-4676
2012-08-26 19:55:02
zdt
zdt
Setuid Tunnelblick Privilege Escalation Vulnerability
2013-03-05 00:00:00
packetstorm
packetstorm
Setuid Tunnelblick Privilege Escalation
2013-03-05 00:00:00
prion
prion
Code injection
2012-08-26 19:55:00
Hardcoded credentials
2012-08-26 19:55:00
cve
cve
CVE-2012-4676
2012-08-26 19:55:02
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.5
Confidence
Low
EPSS
0.002
Percentile
57.0%
Related for CVE-2012-3485