CVE-2012-3485
- EPSS 3.78%
- Veröffentlicht 26.08.2012 19:55:02
- Zuletzt bearbeitet 16.06.2026 23:43:19
Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call.
CVE-2012-3486
- EPSS 0.28%
- Veröffentlicht 26.08.2012 19:55:02
- Zuletzt bearbeitet 16.06.2026 23:43:19
Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event.
CVE-2012-3487
- EPSS 0.12%
- Veröffentlicht 26.08.2012 19:55:02
- Zuletzt bearbeitet 16.06.2026 23:43:19
Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process.
CVE-2012-4676
- EPSS 0.19%
- Veröffentlicht 26.08.2012 19:55:02
- Zuletzt bearbeitet 16.06.2026 23:45:33
The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485.
CVE-2012-4677
- EPSS 0.16%
- Veröffentlicht 26.08.2012 19:55:02
- Zuletzt bearbeitet 16.06.2026 23:45:33
Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value.
CVE-2012-3483
- EPSS 0.26%
- Veröffentlicht 26.08.2012 19:55:01
- Zuletzt bearbeitet 16.06.2026 23:43:18
Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file.
CVE-2012-3484
- EPSS 0.19%
- Veröffentlicht 26.08.2012 19:55:01
- Zuletzt bearbeitet 16.06.2026 23:43:18
Tunnelblick 3.3beta20 and earlier relies on a test for specific ownership and permissions to determine whether a program can be safely executed, which allows local users to bypass intended access restrictions and gain privileges via a (1) user-mounta...