
Bug 626628 (CVE-2017-11747)

Summary: <net-proxy/tinyproxy-1.10.0-r1: non-root can kill arbitrary processes (CVE-2017-11747)
Product: Gentoo Security
Reporter: Aleksandr Wagner (Kivak) <alwag>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: bkohler, maintainer-needed
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: C3 [noglsa cve]
Package list:
=net-proxy/tinyproxy-1.10.0-r1
Runtime testing required: No

Description Aleksandr Wagner (Kivak) 2017-07-30 16:46:19 UTC
CVE-2017-11747 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11747):

main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a "kill `cat /run/tinyproxy/tinyproxy.pid`" command. 

References:

https://github.com/tinyproxy/tinyproxy/issues/106
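The description above is the whole bug: the daemon writes its pidfile as the unprivileged proxy user, so that user can replace the file's contents, and a root-run `kill `cat /run/tinyproxy/tinyproxy.pid`` then signals whatever PID the attacker chose (or, with `-1`, every process root may signal). The check below is an added POSIX shell example, not tinyproxy's code and not the upstream fix (the page does not show that patch); it is the defensive form of the root-side script. It refuses to signal a PID unless the pidfile is a regular file (not a symlink), holds exactly one positive integer greater than 1, and that PID currently belongs to a process whose name matches the expected daemon. The function names, the pidfile path and the expected process name passed as arguments are assumptions for illustration.

```shell
#!/bin/sh
# Hypothetical hardened replacement for: kill `cat /run/tinyproxy/tinyproxy.pid`
# Usage: safe_kill /run/tinyproxy/tinyproxy.pid tinyproxy
# Not tinyproxy's own code; the pidfile path and daemon name are assumptions.

# pidfile_pid PIDFILE NAME
# Prints the PID from PIDFILE if it is trustworthy, otherwise prints nothing
# and returns 1. Every rejection below is a case where a bare
# kill `cat PIDFILE` would signal the wrong thing or nothing at all.
pidfile_pid() {
    pidfile=$1
    expected=$2

    # A symlink lets the file's owner redirect the read to any path.
    if [ -L "$pidfile" ]; then
        return 1
    fi
    [ -f "$pidfile" ] || return 1

    # Take only the first line and strip whitespace so a crafted file
    # cannot smuggle extra arguments (e.g. "1234 -1") into kill.
    pid=$(head -n 1 "$pidfile" 2>/dev/null | tr -d '[:space:]')

    # Content must be a non-empty string of digits: this rejects an empty
    # file (kill with no argument), "-1" (signal everything root can),
    # and anything that is not a PID at all.
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac
    # Reject 0 (kill 0 = the caller's own process group) and PID 1 (init).
    [ "$pid" -gt 1 ] || return 1

    # The PID must belong to a live process with the expected name, so a
    # stale or substituted PID that now maps to sshd, init, etc. is refused.
    # /proc/PID/comm is the kernel's view on Linux (truncated to 15 chars);
    # ps is the portable fallback.
    if [ -r "/proc/$pid/comm" ]; then
        comm=$(cat "/proc/$pid/comm")
    else
        comm=$(ps -o comm= -p "$pid" 2>/dev/null)
    fi
    [ "$comm" = "$expected" ] || return 1

    printf '%s\n' "$pid"
}

# safe_kill PIDFILE NAME
# Sends SIGTERM to the validated PID, or refuses and returns 1.
safe_kill() {
    pid=$(pidfile_pid "$1" "$2") || {
        echo "refusing to signal: untrusted pidfile $1" >&2
        return 1
    }
    kill "$pid"
}
```

This only closes the script-side half of the problem. The complementary daemon-side fix is to write the pidfile while the process is still root, into a directory the service account cannot write, so the account tinyproxy drops to has no way to alter the file in the first place; on a GNU system the script could additionally refuse a pidfile not owned by root (`stat -c %u`), which is omitted above to keep the example portable.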
Comment 1 Michael Boyle 2018-04-30 03:01:25 UTC
The patch has been merged in upstream. Please bump.

Michael Boyle
Gentoo Security Padawan
Comment 2 Ben Kohler gentoo-dev 2018-10-09 13:29:23 UTC
Bumped to 1.10.0
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2018-11-25 00:07:18 UTC
@maintainer, please let us know when you want to stabilize.
Comment 4 Ben Kohler gentoo-dev 2018-11-26 17:03:24 UTC
We can stabilize this any time
Comment 5 Aaron Bauman (RETIRED) gentoo-dev 2018-11-26 18:58:09 UTC
@arches, please stabilize.
Comment 6 Larry the Git Cow gentoo-dev 2018-11-27 16:01:22 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55f51b2edc8883d92606e94feb667732d14d5dcb

commit 55f51b2edc8883d92606e94feb667732d14d5dcb
Author:     Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2018-11-27 16:00:55 +0000
Commit:     Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2018-11-27 16:00:55 +0000

    net-proxy/tinyproxy-1.10.0-r1: alpha stable
    
    Bug: http://bugs.gentoo.org/626628
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

 net-proxy/tinyproxy/tinyproxy-1.10.0-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 7 Tobias Klausmann (RETIRED) gentoo-dev 2018-11-27 16:05:52 UTC
Stable on alpha.
Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev 2018-11-27 21:57:50 UTC
x86 stable
Comment 9 Sergei Trofimovich (RETIRED) gentoo-dev 2018-11-28 22:41:31 UTC
ia64 stable
Comment 10 Sergei Trofimovich (RETIRED) gentoo-dev 2018-11-28 22:42:39 UTC
ppc stable
Comment 11 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-11-29 19:55:28 UTC
amd64 stable
Comment 12 Aaron Bauman (RETIRED) gentoo-dev 2018-11-29 21:09:58 UTC
tree is now clean.