CVE-2012-3483

Tunnelblick < 3.3beta20 - Local Privilege Escalation via Race Condition in runScript

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-3483. PoCs published by zx2c4.

AI-analyzed exploit summary: This exploit leverages a race condition in Tunnelblick's SUID executable to achieve local privilege escalation. It manipulates file permissions and symlinks to execute arbitrary code as root.

Description

Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file.

Exploits (2)

exploitdb WORKING POC VERIFIED
by zx2c4 · c · local · osx
https://www.exploit-db.com/exploits/20417

This exploit leverages a race condition in Tunnelblick's SUID executable to achieve local privilege escalation. It manipulates file permissions and symlinks to execute arbitrary code as root.

Classification
Working Poc 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Racy
Target: Tunnelblick (OpenVPN manager for OSX)
No auth needed
Prerequisites: Tunnelblick installed on macOS · Local user access
devstral-2 · analyzed Feb 16, 2026
exploitdb WORKING POC
shell · local · osx
https://www.exploit-db.com/exploits/20443

This exploit leverages a directory traversal vulnerability in Tunnelblick to execute arbitrary commands with elevated privileges. It creates a malicious directory structure and symlink to trick the application into executing a payload that spawns a root shell.

Classification
Working Poc 95%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: Tunnelblick (OpenVPN GUI for macOS)
No auth needed
Prerequisites: Local access to the target system · Tunnelblick installed
devstral-2 · analyzed Feb 19, 2026

References (4)

Core References
Mailing List · mailing-list · x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/08/14/1

Third Party Advisory · mailing-list · x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2012-08/0122.html

Scores

EPSS: 0.0059
EPSS Percentile: 69.8%

Details

CWE: CWE-362
Status: published
Products (1): google/tunnelblick < 3.3beta20
Published: Aug 26, 2012
Tracked Since: Feb 18, 2026