Privilege Escalation via Tunnelblick 3.3beta20 and Earlier
CVE-2012-3485 · HIGH Severity
AV:L/AC:L/AU:N/C:C/I:C/A:C
Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call.
Learn more about our User Device Pen Test.