CVE-2017-11747

MEDIUM

Tinyproxy <1.8.4 - Local Privilege Escalation

Title source: llm
STIX 2.1

Description

main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a "kill `cat /run/tinyproxy/tinyproxy.pid`" command.

References (2)

Core 2
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/tinyproxy/tinyproxy/issues/106
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/03/msg00037.html

Scores

CVSS v3 5.5
EPSS 0.0029
EPSS Percentile 20.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-269
Status published
Products (1)
tinyproxy_project/tinyproxy < 1.8.4
Published Jul 30, 2017
Tracked Since Feb 18, 2026