CVE-2017-11747
Published: 30 July 2017
main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a "kill `cat /run/tinyproxy/tinyproxy.pid`" command.
From the Ubuntu Security Team
It was discovered that Tinyproxy created its pid file with insecure permissions. An attacker could use the vulnerability to cause arbitrary processes to be killed, resulting in a denial of service.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
tinyproxy Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
| bionic |
Released
(1.8.4-5ubuntu0.1~esm1)
Available with Ubuntu Pro |
|
| cosmic |
Not vulnerable
(1.10.0-1)
|
|
| disco |
Not vulnerable
(1.10.0-1)
|
|
| eoan |
Not vulnerable
(1.10.0-1)
|
|
| focal |
Not vulnerable
(1.10.0-1)
|
|
| groovy |
Not vulnerable
(1.10.0-1)
|
|
| hirsute |
Not vulnerable
(1.10.0-1)
|
|
| impish |
Not vulnerable
(1.10.0-1)
|
|
| jammy |
Not vulnerable
(1.10.0-1)
|
|
| kinetic |
Not vulnerable
(1.10.0-1)
|
|
| lunar |
Not vulnerable
(1.10.0-1)
|
|
| trusty |
Released
(1.8.3-3ubuntu14.04.1~esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Released
(1.10.0-1)
|
|
| xenial |
Released
(1.8.3-3ubuntu16.04.1~esm1)
Available with Ubuntu Pro |
|
| zesty |
Ignored
(end of life)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |