Arbitrary File Deletion Vulnerability in Tunnelblick 3.3beta20 and Earlier

Arbitrary File Deletion Vulnerability in Tunnelblick 3.3beta20 and Earlier

CVE-2012-4676 · LOW Severity

AV:L/AC:H/AU:N/C:N/I:P/A:N

The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485.

Learn more about our User Device Pen Test.