Vulnerability Details CVE-2012-3485
Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.259
EPSS Ranking 96.1%
CVSS Severity
CVSS v2 Score 7.2
References
- http://archives.neohapsis.com/archives/fulldisclosure/2012-08/0122.html
- http://code.google.com/p/tunnelblick/issues/detail?id=212
- http://git.zx2c4.com/Pwnnel-Blicker/tree/pwnnel-blicker-for-kids.sh
- http://www.exploit-db.com/exploits/24578
- http://www.openwall.com/lists/oss-security/2012/08/14/1
- http://archives.neohapsis.com/archives/fulldisclosure/2012-08/0122.html
- http://code.google.com/p/tunnelblick/issues/detail?id=212
- http://git.zx2c4.com/Pwnnel-Blicker/tree/pwnnel-blicker-for-kids.sh
- http://www.exploit-db.com/exploits/24578
- http://www.openwall.com/lists/oss-security/2012/08/14/1
Products affected by CVE-2012-3485
-
cpe:2.3:a:google:tunnelblick:*