RSS   Vulnerabilities for 'Tunnelblick'   RSS

2012-08-26
 
CVE-2012-4677

 

 
Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value.

 
 
CVE-2012-4676

 

 
The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485.

 
 
CVE-2012-3487

 

 
Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process.

 
 
CVE-2012-3486

 

 
Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event.

 
 
CVE-2012-3485

CWE-20
 

 
Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call.

 
 
CVE-2012-3484

 

 
Tunnelblick 3.3beta20 and earlier relies on a test for specific ownership and permissions to determine whether a program can be safely executed, which allows local users to bypass intended access restrictions and gain privileges via a (1) user-mountable image or (2) network share.

 
 
CVE-2012-3483

 

 
Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file.

 

 >>> Vendor: Google 70 Products
Toolbar
TALK
Mini search appliance
Search appliance
Api search
Earth
Desktop
Web toolkit
Custom search engine
Picasa
KML
Android sdk
Google apps
Chrome
Gears
Android
V8
Google sketchup
Chrome os
App engine python sdk
Idapython
Cr-48 chromebook
Chr2000ome
Sketchup
Chrome2000
Chrom2000e
Bionic
Tunnelblick
Admob
Checkout-php
Cityhash
Android sdk tools
Chrome frame
Frame
Google authenticator
Authenticator
Glass
Android api
Search appliance software
Android debug bridge
Android sdk platform tools
Android browser
Nexus 7
Calendar events
Email
Play services sdk
Kubernetes
Android one
Sfntly
GRPC
Google i/o 2017
News and weather
Protobuf
Gmail
Boringssl
Santa
Chromecast firmware
Home firmware
Mod pagespeed
Rendertron
Cardboard
Kubernetes engine
Guava
Tensorflow
Snappy
Nexus 7 firmware
Nexus 9 firmware
Voice builder
Cloud messaging notification
Nest cam iq indoor firmware


Copyright 2019, cxsecurity.com

 

Back to Top