7 matches found
CVE-2012-3486
CVE-2012-3486 affects Tunnelblick (3.3beta20 and earlier). Local users can gain privileges through an OpenVPN config that triggers execution of a script on an OpenVPN event. Root cause is the configuration allowing script execution by event, enabling local privilege escalation. The provided docum...
CVE-2012-4676
CVE-2012-4676 affects Tunnelblick 3.3beta20 and earlier. The errorExitIfAttackViaString function allows local users to delete arbitrary files by constructing (1) a symlink or (2) a hard link. This is a separate issue from CVE-2012-3485. The NVD entry notes a low base score (1.2) with local attack...
CVE-2012-3485
CVE-2012-3485 affects Tunnelblick 3.3beta20 and earlier. The root cause is that the launcher relies on argv[0] to determine the name of an appropriate kernel module or executable pathname, enabling a local attacker to gain privileges via an execl system call. Public references and connected docum...
CVE-2012-4677
CVE-2012-4677 affects Tunnelblick 3.3beta20 and earlier. The issue arises when a crafted Info.plist controls the gOkIfNotSecure value, enabling local users to gain privileges via this condition. Affected component is the Info.plist handling in Tunnelblick, with a local-auth attack vector and part...
CVE-2012-3483
CVE-2012-3483 describes a local privilege-escalation race condition in Tunnelblick prior to 3.3beta20, where an attacker can gain high-level privileges by replacing a script file via the vulnerable runScript function. The NVD entry notes a CVSS v2 base score of 6.2 (MEDIUM) with local access and ...
CVE-2012-3484
CVE-2012-3484 affects Tunnelblick 3.3beta20 and earlier. The issue arises because startup checks rely on a test of specific ownership and permissions to decide if a program can run, enabling local attackers to bypass access restrictions and gain privileges via a user-mountable image or a network ...
CVE-2012-3487
CVE-2012-3487 describes a race condition in Tunnelblick 3.3beta20 and earlier. The flaw lets local users kill unintended processes by waiting for a specific PID value to be assigned to a target process, as documented across multiple sources (NVD, Red Hat, CVE lists). The available materials do no...