PT-2019-12867 · London Trust Media · Private Internet Access (PIA) VPN Client

Rich Mirch · Published 2019-07-11 · Updated 2021-09-08 · CVE-2019-12577

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

London Trust Media Private Internet Access (PIA) VPN Client version v82 for macOS

Description

A local attacker could exploit this issue to run arbitrary code with elevated privileges. The openvpn_launcher.64 binary, which is setuid root, creates the /tmp/pia_upscript.sh file when executed. However, because the file creation mask (umask) is not reset, it inherits the umask value from the calling process, allowing a local unprivileged user to manipulate this value. This manipulation can cause the privileged binary to create files with world-writable permissions, enabling the user to modify /tmp/pia_upscript.sh during the connect process and execute arbitrary code as the root user.

Recommendations

For London Trust Media Private Internet Access (PIA) VPN Client version v82 for macOS, consider disabling the openvpn_launcher.64 binary until a patch is available to prevent exploitation. Restrict access to the /tmp/pia_upscript.sh file to minimize the risk of arbitrary code execution.
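The root cause in the description, shown as an added C example (not PIA's code and not from the original advisory): a file created under the caller's inherited umask, next to a hardened creation routine that resets the umask and pins the mode. The function names, the requested mode 0666, and the temporary path are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the description: final mode = requested mode & ~inherited umask. */
static int create_inherited(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666); /* 0666 is assumed */
}

/* Hardened: fixed umask, refuse pre-existing files and symlinks, pin the mode. */
static int create_hardened(const char *path) {
    umask(077);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0700);
    if (fd >= 0 && fchmod(fd, 0700) != 0) { close(fd); return -1; }
    return fd;
}

/* Create a script in a private temp dir under a caller-chosen umask and
   return the permission bits it ends up with, or (mode_t)-1 on error. */
mode_t mode_after_create(int hardened, mode_t caller_umask) {
    char dir[] = "/tmp/umask_demo.XXXXXX";    /* constructed path, not PIA's */
    char path[64];
    struct stat st;
    mode_t result = (mode_t)-1;
    if (!mkdtemp(dir)) return result;
    snprintf(path, sizeof path, "%s/upscript.sh", dir);
    mode_t saved = umask(caller_umask);       /* simulate the inherited value */
    int fd = hardened ? create_hardened(path) : create_inherited(path);
    if (fd >= 0 && fstat(fd, &st) == 0) result = st.st_mode & 07777;
    if (fd >= 0) close(fd);
    umask(saved);
    unlink(path);
    rmdir(dir);
    return result;
}

int main(void) {
    printf("inherited umask 000: %04o\n", (unsigned)mode_after_create(0, 0));
    printf("hardened, umask 000: %04o\n", (unsigned)mode_after_create(1, 0));
    return 0;
}
```

A privileged helper is better served by a root-owned directory that unprivileged users cannot write to than by a fixed name under /tmp; the hardened routine above only addresses the permission bits.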

Exploit

Fix

Incorrect Permission


Weakness Enumeration

Related identifiers

CVE-2019-12577

Affected products

Private Internet Access (PIA) VPN Client