CyberSec.Space Logo
Back to CVE Browser

CVE-2017-11747

MEDIUM
5.5
CVSS Severity Score
EPSS Score0.1690%
EPSS Percentile11.03th
PublishedJul 30, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a "kill `cat /run/tinyproxy/tinyproxy.pid`" command.

Affected Platforms (CPE)

πŸ“¦
Tinyproxy Project

Tinyproxy

<= 1.8.4

References & Advisories

πŸ”— https://github.com/tinyproxy/tinyproxy/issues/106
πŸ”— https://lists.debian.org/debian-lts-announce/2020/03/msg00037.html
πŸ”— https://github.com/tinyproxy/tinyproxy/issues/106
πŸ”— https://lists.debian.org/debian-lts-announce/2020/03/msg00037.html

Related Vulnerabilities

CVE-2001-012910.0

Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows remote attackers to cause a denial of service and possibly execut...

CVE-2002-08477.5

tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice (d...

CVE-2011-18436.8

Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow remote attackers to bypass intended access restrictions in opport...

CVE-2012-35055.0

Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large numb...