Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The openvpn_launcher binary is setuid root. This program is called during the connection process and executes several operating system utilities to configure the system. The networksetup utility is called using relative paths. A local unprivileged user can execute arbitrary commands as root by creating a networksetup trojan which will be executed during the connection process. This is possible because the PATH environment variable is not reset prior to executing the OS utility.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
London Trust Media Private Internet Access(PIA)Client 代码问题漏洞
Vulnerability Description
London Trust Media Private Internet Access(PIA)Client是一款用于匿名访问互联网的VPN(虚拟专用网络)客户端应用程序。 London Trust Media Private Internet Access(PIA)Client 基于macOS平台的v82版本中存在代码问题漏洞。本地攻击者可利用该漏洞以提升的权限运行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A