Описание
main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a "kill cat /run/tinyproxy/tinyproxy.pid" command.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support, was needed |
| cosmic | not-affected | 1.10.0-1 |
| devel | not-affected | 1.10.0-1 |
| disco | not-affected | 1.10.0-1 |
| eoan | not-affected | 1.10.0-1 |
| esm-apps/bionic | released | 1.8.4-5ubuntu0.1~esm1 |
| esm-apps/focal | not-affected | 1.10.0-1 |
| esm-apps/jammy | not-affected | 1.10.0-1 |
| esm-apps/xenial | released | 1.8.3-3ubuntu16.04.1~esm1 |
Показывать по
2.1 Low
CVSS2
5.5 Medium
CVSS3
Связанные уязвимости
main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a "kill `cat /run/tinyproxy/tinyproxy.pid`" command.
main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinypro ...
main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a "kill `cat /run/tinyproxy/tinyproxy.pid`" command.
2.1 Low
CVSS2
5.5 Medium
CVSS3