PT-2019-12863 · London Trust Media · Private Internet Access (PIA) VPN Client

Rich Mirch · Published 2019-07-11 · Updated 2021-09-08 · CVE-2019-12573

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions: London Trust Media Private Internet Access (PIA) VPN Client version v82

Description: A local attacker could exploit this issue to overwrite arbitrary files, potentially leading to a denial of service condition and data loss. The openvpn launcher binary, which is setuid root, has a --log option that accepts a path as an argument. This --log parameter is not properly sanitized, allowing a local unprivileged user to overwrite files owned by any user, including root.

Recommendations: For London Trust Media Private Internet Access (PIA) VPN Client version v82, consider disabling the openvpn launcher binary or restricting its use until a patch is available to prevent local users from overwriting arbitrary files.
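
One way a setuid helper can handle a user-supplied log path safely, shown as an added example that is not PIA's code or its fix: the file is opened with the invoking user's identity and a symlink at the path is refused. The function name `open_user_log` and the demo path are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not PIA code): open a user-supplied log path with the
 * invoking user's identity instead of the setuid owner's. Returns fd or -1.
 * The default path used in main() is a constructed demo value. */
int open_user_log(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    struct stat st;
    int fd, err = 0;

    /* Drop the effective ids to the real (invoking) user before touching the
     * path, so the kernel applies that user's file permissions to the open. */
    if (setegid(getgid()) != 0 || seteuid(getuid()) != 0) return -1;

    /* O_NOFOLLOW rejects a symlink as the final component (ELOOP on Linux);
     * O_NONBLOCK avoids blocking on a FIFO placed at the path. */
    fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_NONBLOCK |
                    O_CLOEXEC, 0600);
    if (fd < 0) {
        err = errno;
    } else if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        err = EINVAL;            /* accept regular files only */
        close(fd);
        fd = -1;
    }

    /* Restore the saved ids for the work that needs them; fail closed. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0) {
        if (fd >= 0) close(fd);
        return -1;
    }
    errno = err;
    return fd;
}

int main(int argc, char **argv)
{
    int fd = open_user_log(argc > 1 ? argv[1] : "/tmp/launcher-demo.log");
    if (fd < 0) { perror("open_user_log"); return 1; }
    dprintf(fd, "log opened as uid %d\n", (int)getuid());
    return close(fd);
}
```

Because the open happens under the caller's uid and gid, a path the caller could not write on their own fails with the usual permission error instead of being overwritten as root.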

Exploit

Fix

Link Following

Weakness Enumeration

Related Identifiers

CVE-2019-12573

Affected Products

OpenVPN
Private Internet Access (PIA) VPN Client