Google Tunnelblick vulnerabilities

7 known vulnerabilities affecting google/tunnelblick.

Total CVEs: 7
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 3, LOW 2

Vulnerabilities

CVE-2012-3485 | HIGH | CVSS 7.2 | PoC | ≤ 3.3beta20 | 2012-08-26
CWE-20: Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call.
nvd
CVE-2012-3484 | HIGH | CVSS 7.2 | ≤ 3.3beta20 | 2012-08-26
CWE-264: Tunnelblick 3.3beta20 and earlier relies on a test for specific ownership and permissions to determine whether a program can be safely executed, which allows local users to bypass intended access restrictions and gain privileges via a (1) user-mountable image or (2) network share.
nvd
CVE-2012-3483 | MEDIUM | CVSS 6.2 | PoC | ≤ 3.3beta20 | 2012-08-26
CWE-362: Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file.
nvd
CVE-2012-3486 | MEDIUM | CVSS 6.9 | ≤ 3.3beta20 | 2012-08-26
CWE-264: Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event.
nvd
CVE-2012-4677 | MEDIUM | CVSS 4.4 | ≤ 3.3beta20 | 2012-08-26
CWE-264: Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value.
nvd
CVE-2012-3487 | LOW | CVSS 1.2 | ≤ 3.3beta20 | 2012-08-26
CWE-362: Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process.
nvd
CVE-2012-4676 | LOW | CVSS 1.2 | ≤ 3.3beta20 | 2012-08-26
The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485.
nvd