Published: 26/08/2012 Updated: 27/08/2012

CVSS v2 Base Score: 6.2 | Impact Score: 10 | Exploitability Score: 1.9

VMScore: 630

Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Race condition in the runScript function in Tunnelblick 3.3beta20 and previous versions allows local users to gain privileges by replacing a script file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google tunnelblick

/* * ==== Pwnnel Blicker ==== * = = * = zx2c4 = * = = * ======================== * * Tunnel Blick, a widely used OpenVPN manager for OSX * comes with a nice SUID executable that has more holes * than you care to count It's a treasure chest of local * roots I picked one that looked ...

#!/bin/sh #### Pwnnel Blicker #### # for kids # # # # zx2c4 # # # ######################## # This is another exploit for Tunnel Blick # Other exploits for Tunnel Blick are available here: # gitzx2c4com/Pwnnel-Blicker/tree/ echo "[+] Making vulnerable directory ...

CWE-362 http://git.zx2c4.com/Pwnnel-Blicker/tree/pwnnel-blicker.c http://www.openwall.com/lists/oss-security/2012/08/14/1 http://code.google.com/p/tunnelblick/issues/detail?id=212 http://archives.neohapsis.com/archives/fulldisclosure/2012-08/0122.html https://nvd.nist.gov https://www.exploit-db.com/exploits/20417/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-3483

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect