Required CVE Record Information
Description
main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a "kill `cat /run/tinyproxy/tinyproxy.pid`" command.
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 2 Total
- https://github.com/tinyproxy/tinyproxy/issues/106 x_transferred
- lists.debian.org: [debian-lts-announce] 20200331 [SECURITY] [DLA 2163-1] tinyproxy security update mailing-list x_transferred
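The description above comes down to a root script trusting a PID file that a non-root account can modify. The following is an added example, not code from Tinyproxy or from the CVE record, of a check a root stop script can run before calling kill. The function names `owner_and_mode_ok` and `trusted_pid` are hypothetical, and only the PID file and its immediate parent directory are checked.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not Tinyproxy code).
# A root script should only act on a PID file that no unprivileged
# account could have written or replaced.

# owner_and_mode_ok PATH UID
# Succeeds if PATH is owned by numeric UID and is not writable by group/other.
owner_and_mode_ok() {
    # "ls -ldn" prints: mode links uid gid ...; keep the mode string and uid.
    info=$(ls -ldn -- "$1" 2>/dev/null | awk '{print $1, $3}')
    mode=${info% *}
    owner=${info#* }
    [ -n "$info" ] && [ "$owner" = "$2" ] || return 1
    case "$mode" in
        ?????w*|????????w*) return 1 ;;   # group- or other-writable
    esac
    return 0
}

# trusted_pid PIDFILE UID
# Prints the PID only if the file and its directory are controlled by UID
# and the content is a single decimal number greater than 1.
trusted_pid() {
    pidfile=$1
    trusted_uid=$2
    # Must be a regular file and not a symlink.
    [ -f "$pidfile" ] && [ ! -L "$pidfile" ] || return 1
    # A directory owned by the service account lets that account swap the file.
    owner_and_mode_ok "$(dirname -- "$pidfile")" "$trusted_uid" || return 1
    # A file created after the privilege drop is owned by the service account.
    owner_and_mode_ok "$pidfile" "$trusted_uid" || return 1
    pid=$(cat -- "$pidfile") || return 1
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;          # empty, or anything but digits
    esac
    [ "$pid" -gt 1 ] || return 1          # never signal PID 0 or 1
    printf '%s\n' "$pid"
}

# Intended use in a root script (uid 0 is the trusted owner):
#   pid=$(trusted_pid /run/tinyproxy/tinyproxy.pid 0) && kill "$pid"
```

With the layout the description gives, the ownership check fails and the script refuses to signal anything, because the file was created after the privilege drop and so belongs to the non-root account.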