Lucene search
MitreCVE-2012-4676HistoryAug 26, 2012 - 7:55 p.m.
CVE-2012-4676
2012-08-2619:55:02
CWE-59
mitre
web.nvd.nist.gov
29
cve-2012-4676
tunnelblick
vulnerability
local users
file deletion
CVSS2
1.2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:H/Au:N/C:N/I:P/A:N
AI Score
6.4
Confidence
Low
EPSS
0.002
Percentile
57.0%
The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485.
Affected configurations
Node
googletunnelblickRange≤3.3beta20
| Vendor | Product | Version | CPE |
|---|---|---|---|
| tunnelblick | * | cpe:2.3:a:google:tunnelblick:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2012-4676
2012-08-26 19:00:00
CVE-2012-3485
2012-08-26 19:00:00
prion
prion
Hardcoded credentials
2012-08-26 19:55:00
Code injection
2012-08-26 19:55:00
nvd
nvd
CVE-2012-4676
2012-08-26 19:55:02
CVE-2012-3485
2012-08-26 19:55:02
d2
d2
DSquare Exploit Pack: D2SEC_TUNNELBLICK
2012-08-26 19:55:00
metasploit
metasploit
Setuid Tunnelblick Privilege Escalation
2013-03-03 18:48:12
exploitdb
exploitdb
Tunnelblick - Setuid Privilege Escalation (Metasploit)
2013-03-05 00:00:00
Tunnelblick - Local Privilege Escalation (2)
2012-08-11 00:00:00
cve
cve
CVE-2012-3485
2012-08-26 19:55:02
zdt
zdt
Setuid Tunnelblick Privilege Escalation Vulnerability
2013-03-05 00:00:00
packetstorm
packetstorm
Setuid Tunnelblick Privilege Escalation
2013-03-05 00:00:00
CVSS2
1.2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:H/Au:N/C:N/I:P/A:N
AI Score
6.4
Confidence
Low
EPSS
0.002
Percentile
57.0%
Related for CVE-2012-4676