PT-2012-4751 · Tunnelblick · Tunnelblick
Jason A. Donenfeld
·
Publicado
2012-08-26
·
Atualizado
2013-12-13
·
CVE-2012-3485
CVSS v2.0
7.2
Alta
| Vetor | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Tunnelblick versions 3.3beta20 and earlier
Description
The issue allows local users to gain privileges. This is due to the software relying on argv[0] to determine the name of an appropriate kernel module pathname or executable file pathname, which can be exploited via an execl system call.
Recommendations
For versions 3.3beta20 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Tunnelblick