CVE-2017-11747

Priority
Description
main.c in Tinyproxy 1.8.4 and earlier creates a
/run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root
account, which might allow local users to kill arbitrary processes by
leveraging access to this non-root account for tinyproxy.pid modification
before a root script executes a "kill `cat /run/tinyproxy/tinyproxy.pid`"
command.
Assigned-to
mikesalvatore
Package
Upstream: released (1.10.0-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 18.10 (Cosmic Cuttlefish): not-affected (1.10.0-1)
Ubuntu 19.04 (Disco Dingo): not-affected (1.10.0-1)

Updated: 2018-11-08 19:14:23 UTC (commit dfbb6b9afc0279701b573b0907d9824601f6ec26)