Privilege Escalation via Ownership and Permissions Test Bypass in Tunnelblick

Privilege Escalation via Ownership and Permissions Test Bypass in Tunnelblick

CVE-2012-3484 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Tunnelblick 3.3beta20 and earlier relies on a test for specific ownership and permissions to determine whether a program can be safely executed, which allows local users to bypass intended access restrictions and gain privileges via a (1) user-mountable image or (2) network share.

Learn more about our Network Penetration Testing.