CVE-2019-12571

Name of the Vulnerable Software and Affected Versions London Trust Media Private Internet Access (PIA) VPN Client version 0.9.8 beta (build 02099)

Description A local attacker could overwrite arbitrary files on the system. When the client initiates a connection, it creates an XML file /tmp/pia-watcher.plist. If this file already exists, its contents are completely overwritten. An unprivileged user can create a hard or soft link to arbitrary files, including those owned by root, potentially leading to a denial of service condition and possible data loss.

Recommendations For London Trust Media Private Internet Access (PIA) VPN Client version 0.9.8 beta (build 02099), consider restricting access to the /tmp/pia-watcher.plist file to prevent unauthorized modifications. As a temporary workaround, avoid using the VPN client until a patch is available.