PT-2017-12221 · Tinyproxy+1 · Tinyproxy+1

Orlitzky · Published 2017-07-30 · Updated 2024-06-15 · CVE-2017-11747

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Tinyproxy versions 1.8.4 and earlier

Description: Tinyproxy creates the tinyproxy.pid file after it has dropped privileges to a non-root account. Local users who can modify that file may be able to kill arbitrary processes by changing its content before a root script runs a command that kills the process named in the pid file.

Recommendations: For Tinyproxy versions 1.8.4 and earlier, consider restricting access to the /run/tinyproxy/tinyproxy.pid file to prevent unauthorized modifications until a fix is available. As a temporary workaround, avoid using the "kill `cat /run/tinyproxy/tinyproxy.pid`" command in root scripts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
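
One way a root script can refuse an untrusted pid file instead of passing its content straight to kill, shown as an added example that is not code from Tinyproxy or from this advisory. It assumes Linux (`stat -c`, `/proc`), and every function name is hypothetical.

```shell
# Added example (not from the advisory): checks a root script can run before
# signalling a PID read from a pid file. Assumes Linux (stat -c, /proc).
# All function names are hypothetical.

# pidfile_trusted FILE [UID]: FILE must be a regular file (no symlink); FILE
# and its directory must be owned by UID (default 0) with no group/other write.
pidfile_trusted() {
    file=$1; uid=${2:-0}
    [ -f "$file" ] && [ ! -L "$file" ] || return 1
    for path in "$file" "$(dirname "$file")"; do
        [ "$(stat -c %u "$path")" = "$uid" ] || return 1
        case $(stat -c %a "$path") in
            *[2367]?|*[2367]) return 1 ;;   # group or other write bit set
        esac
    done
}

# read_pid FILE [UID]: print the PID only if FILE is trusted and contains a
# single decimal number greater than 1 (0 and 1 would hit a group or init).
read_pid() {
    pidfile_trusted "$1" "${2:-0}" || return 1
    pid=$(cat "$1")
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$pid" -gt 1 ] || return 1
    printf '%s\n' "$pid"
}

# pid_runs PID NAME: succeed only if /proc reports PID is running NAME.
pid_runs() {
    [ "$(cat "/proc/$1/comm" 2>/dev/null)" = "$2" ]
}

# stop_daemon FILE NAME [UID]: signal only when every check passes. A window
# between check and kill remains, so pid file ownership is the main control.
stop_daemon() {
    pid=$(read_pid "$1" "${3:-0}") || return 1
    pid_runs "$pid" "$2" || return 1
    kill "$pid"
}
```

A root script would call `stop_daemon /run/tinyproxy/tinyproxy.pid tinyproxy`; when the pid file is owned by the non-root account, as in the affected versions, the call refuses and nothing is signalled.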

Improper Privilege Management


Weakness Enumeration

Related identifiers

CVE-2017-11747
DLA-2163-1
OPENSUSE-SU-2024:0119-1
OPENSUSE-SU-2024:11465-1
USN-4808-1

Affected products

Tinyproxy
Ubuntu