Published: 11/07/2019 Updated: 16/07/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux and macOS could allow an authenticated, local malicious user to run arbitrary code with elevated privileges. The PIA Linux/macOS binary openvpn_launcher.64 binary is setuid root. This binary accepts several parameters to update the system configuration. These parameters are passed to operating system commands using a "here" document. The parameters are not sanitized, which allow for arbitrary commands to be injected using shell metacharacters. A local unprivileged user can pass special crafted parameters that will be interpolated by the operating system calls.

Vulnerability Trend

Affected Products

Github Repositories

Security Research A collection of files related to my personal security research Additional content will be posted on my blog blogmirchio Tools Tool Description openssldir_check Windows utility to check for potential insecure paths used by the OPENSSLDIR build parameter in OpenSSL libraries ssscache2john Convert SSSD LDAP cache files to John The Ripper form