Full title: Setuid Tunnelblick Privilege Escalation Vulnerability 
Category: local exploits
Platform: macOS
This Metasploit module exploits a vulnerability in Tunnelblick 3.2.8 on Mac OS X. The vulnerability exists in the setuid openvpnstart, where an insufficient validation of path names allows execution of arbitrary shell scripts as root. This Metasploit module has been tested successfully on Tunnelblick 3.2.8 build 2891.3099 over Mac OS X 10.7.5.

# 0day.today @ http://0day.today/