CVE-2012-3485
Google Tunnelblick < 3.3beta20 - Improper Input Validation
Title source: ruleDescription
Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubylocalosx
https://www.exploit-db.com/exploits/24578
metasploit
WORKING POC
EXCELLENT
by Jason A. Donenfeld, juan vazquez · rubypocosx
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/local/setuid_tunnelblick.rb
References (5)
Scores
EPSS
0.2776
EPSS Percentile
96.5%
Details
CWE
CWE-20
Status
published
Products (1)
google/tunnelblick
< 3.3beta20
Published
Aug 26, 2012
Tracked Since
Feb 18, 2026