Popular VPN closes critical vulnerability on Linux client

The VPN service Private Internet Access ( PIA ) has released a new version of its Linux client which fixes a critical vulnerability that c...

The VPN service Private Internet Access (PIA) has released a new version of its Linux client which fixes a critical vulnerability that could have allowed remote attackers to bypass the software's kill switch.

The vulnerability, tracked as CVE-2020-15590, was discovered by Sick Codes and it affects versions 1.5 through 2.3 of PIA's Linux client.

The client's kill switch is configured to block all inbound and outbound network traffic when a VPN connection drops. However, privileged applications still have the ability to send and receive network traffic even when the kill switch is turned on if net.ipv4.ip_forward has been enabled in the system kernel parameters.

In a vulnerability disclosure on its site, Sick Codes explained that a Docker container running on a host with the VPN turned off and the kill switch turned on can continue using the internet and leak the host IP. This could allow a remote attacker to read sensitive information by intercepting network traffic.

Using Docker with a VPN

TechRadar Pro reached out to PIA regarding the now patched vulnerability and a spokesperson for the company provided the following statement explaining the issue:

“We were contacted in relation to the use of the Docker platform exclusively with the PIA Linux client in July 2020. Docker on Linux had not previously been supported by PIA as the Docker engine runs with root privileges, and we cannot guarantee that the killswitch will protect software that is itself able to control networking. The issue raised solely relates to using the PIA Linux client in the host while running other Docker containers on that same host. This issue relates to forwarded network connections on Linux, which are used by the Docker platform. This is not to be confused with common “VPN containers” used by users online, which create a VPN connection inside the container to be used for specific apps only.

“For the issue raised, we have no legacy customer support requests relating to this use case. We welcome input from community sources in addressing their usage and with this in mind, we took the decision to support this use case with our next Linux client release.”

PIA users running Docker on Linux should upgrade to version 2.4 of the company's client as soon as possible to avoid any potential attacks leveraging this vulnerability.

  • Also check out our complete list of the best VPN services


from TechRadar - All the latest technology news https://ift.tt/3mBwIHl
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,188,Video,5,XIAOMI,13,YouTube - 9to5Google,187,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Popular VPN closes critical vulnerability on Linux client
Popular VPN closes critical vulnerability on Linux client
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2020/09/popular-vpn-closes-critical.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2020/09/popular-vpn-closes-critical.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy