Lucene search
+L
GoogleTunnelblick

7 matches found

CVE
CVE
added 2012/08/26 7:0 p.m.62 views

CVE-2012-3486

CVE-2012-3486 affects Tunnelblick (3.3beta20 and earlier). Local users can gain privileges through an OpenVPN config that triggers execution of a script on an OpenVPN event. Root cause is the configuration allowing script execution by event, enabling local privilege escalation. The provided docum...

6.9CVSS6.8AI score0.00278EPSS
CVE
CVE
added 2012/08/26 7:0 p.m.62 views

CVE-2012-4676

CVE-2012-4676 affects Tunnelblick 3.3beta20 and earlier. The errorExitIfAttackViaString function allows local users to delete arbitrary files by constructing (1) a symlink or (2) a hard link. This is a separate issue from CVE-2012-3485. The NVD entry notes a low base score (1.2) with local attack...

1.2CVSS6.4AI score0.00186EPSS
CVE
CVE
added 2012/08/26 7:0 p.m.56 views

CVE-2012-3485

CVE-2012-3485 affects Tunnelblick 3.3beta20 and earlier. The root cause is that the launcher relies on argv[0] to determine the name of an appropriate kernel module or executable pathname, enabling a local attacker to gain privileges via an execl system call. Public references and connected docum...

7.2CVSS6.5AI score0.03776EPSS
CVE
CVE
added 2012/08/26 7:0 p.m.55 views

CVE-2012-4677

CVE-2012-4677 affects Tunnelblick 3.3beta20 and earlier. The issue arises when a crafted Info.plist controls the gOkIfNotSecure value, enabling local users to gain privileges via this condition. Affected component is the Info.plist handling in Tunnelblick, with a local-auth attack vector and part...

4.4CVSS6.7AI score0.00155EPSS
CVE
CVE
added 2012/08/26 7:0 p.m.54 views

CVE-2012-3483

CVE-2012-3483 describes a local privilege-escalation race condition in Tunnelblick prior to 3.3beta20, where an attacker can gain high-level privileges by replacing a script file via the vulnerable runScript function. The NVD entry notes a CVSS v2 base score of 6.2 (MEDIUM) with local access and ...

6.2CVSS6.7AI score0.00264EPSS
CVE
CVE
added 2012/08/26 7:0 p.m.53 views

CVE-2012-3484

CVE-2012-3484 affects Tunnelblick 3.3beta20 and earlier. The issue arises because startup checks rely on a test of specific ownership and permissions to decide if a program can run, enabling local attackers to bypass access restrictions and gain privileges via a user-mountable image or a network ...

7.2CVSS6.8AI score0.00185EPSS
CVE
CVE
added 2012/08/26 7:0 p.m.45 views

CVE-2012-3487

CVE-2012-3487 describes a race condition in Tunnelblick 3.3beta20 and earlier. The flaw lets local users kill unintended processes by waiting for a specific PID value to be assigned to a target process, as documented across multiple sources (NVD, Red Hat, CVE lists). The available materials do no...

1.2CVSS6.5AI score0.00118EPSS