Popular VPN closes critical vulnerability on Linux client
Kill switches are less effective while running Docker and other software that can control networking
The VPN service Private Internet Access (PIA) has released a new version of its Linux client which fixes a critical vulnerability that could have allowed remote attackers to bypass the software's kill switch.
The vulnerability, tracked as CVE-2020-15590, was discovered by Sick Codes and it affects versions 1.5 through 2.3 of PIA's Linux client.
The client's kill switch is configured to block all inbound and outbound network traffic when a VPN connection drops. However, privileged applications still have the ability to send and receive network traffic even when the kill switch is turned on if net.ipv4.ip_forward has been enabled in the system kernel parameters.
- We've put together a list of the best Linux distros available
- These are the best secure VPN providers on the market
- We've also highlighted the best cloud storage services
In a vulnerability disclosure on its site, Sick Codes explained that a Docker container running on a host with the VPN turned off and the kill switch turned on can continue using the internet and leak the host IP. This could allow a remote attacker to read sensitive information by intercepting network traffic.
Using Docker with a VPN
TechRadar Pro reached out to PIA regarding the now patched vulnerability and a spokesperson for the company provided the following statement explaining the issue:
“We were contacted in relation to the use of the Docker platform exclusively with the PIA Linux client in July 2020. Docker on Linux had not previously been supported by PIA as the Docker engine runs with root privileges, and we cannot guarantee that the killswitch will protect software that is itself able to control networking. The issue raised solely relates to using the PIA Linux client in the host while running other Docker containers on that same host. This issue relates to forwarded network connections on Linux, which are used by the Docker platform. This is not to be confused with common “VPN containers” used by users online, which create a VPN connection inside the container to be used for specific apps only.
“For the issue raised, we have no legacy customer support requests relating to this use case. We welcome input from community sources in addressing their usage and with this in mind, we took the decision to support this use case with our next Linux client release.”
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
PIA users running Docker on Linux should upgrade to version 2.4 of the company's client as soon as possible to avoid any potential attacks leveraging this vulnerability.
- Also check out our complete list of the best VPN services
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.