Setuid Tunnelblick Privilege Escalation

Posted by deepcore on March 5, 2013 – 1:52 am

This Metasploit module exploits a vulnerability in Tunnelblick 3.2.8 on Mac OS X. The vulnerability exists in the setuid openvpnstart, where an insufficient validation of path names allows execution of arbitrary shell scripts as root. This Metasploit module has been tested successfully on Tunnelblick 3.2.8 build 2891.3099 over Mac OS X 10.7.5.

More:
Setuid Tunnelblick Privilege Escalation

Tags: Security, tools, Vulnerability, xss
This post is under “Apple, exploit, facebook, iphone, m$, OSX security tools, Privacy, Security, tools, twitter, XSS” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« [local] – Setuid Tunnelblick Privilege Escalation Viscosity setuid-set ViscosityHelper Privilege Escalation »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Setuid Tunnelblick Privilege Escalation

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL