Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 626628 (CVE-2017-11747) - <net-proxy/tinyproxy-1.10.0-r1: non-root can kill arbitrary processes (CVE-2017-11747)
Summary: <net-proxy/tinyproxy-1.10.0-r1: non-root can kill arbitrary processes (CVE-20...
Status: RESOLVED FIXED
Alias: CVE-2017-11747
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: C3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-07-30 16:46 UTC by Aleksandr Wagner (Kivak)
Modified: 2018-11-29 21:09 UTC (History)
2 users (show)

See Also:
Package list:
=net-proxy/tinyproxy-1.10.0-r1
Runtime testing required: No
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Aleksandr Wagner (Kivak) 2017-07-30 16:46:19 UTC
CVE-2017-11747 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11747):

main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a "kill `cat /run/tinyproxy/tinyproxy.pid`" command. 

References:

https://github.com/tinyproxy/tinyproxy/issues/106
Comment 1 Michael Boyle 2018-04-30 03:01:25 UTC
The patch has been merged in upstream. Please bump.

Michael Boyle
Gentoo Security Padawan
Comment 2 Ben Kohler gentoo-dev 2018-10-09 13:29:23 UTC
Bumped to 1.10.0
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2018-11-25 00:07:18 UTC
@maintainer, please let us know when you want to stabilize.
Comment 4 Ben Kohler gentoo-dev 2018-11-26 17:03:24 UTC
We can stabilize this any time
Comment 5 Aaron Bauman (RETIRED) gentoo-dev 2018-11-26 18:58:09 UTC
@arches, please stabilize.
Comment 6 Larry the Git Cow gentoo-dev 2018-11-27 16:01:22 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55f51b2edc8883d92606e94feb667732d14d5dcb

commit 55f51b2edc8883d92606e94feb667732d14d5dcb
Author:     Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2018-11-27 16:00:55 +0000
Commit:     Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2018-11-27 16:00:55 +0000

    net-proxy/tinyproxy-1.10.0-r1: alpha stable
    
    Bug: http://bugs.gentoo.org/626628
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

 net-proxy/tinyproxy/tinyproxy-1.10.0-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 7 Tobias Klausmann (RETIRED) gentoo-dev 2018-11-27 16:05:52 UTC
Stable on alpha.
Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev 2018-11-27 21:57:50 UTC
x86 stable
Comment 9 Sergei Trofimovich (RETIRED) gentoo-dev 2018-11-28 22:41:31 UTC
ia64 stable
Comment 10 Sergei Trofimovich (RETIRED) gentoo-dev 2018-11-28 22:42:39 UTC
ppc stable
Comment 11 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2018-11-29 19:55:28 UTC
amd64 stable
Comment 12 Aaron Bauman (RETIRED) gentoo-dev 2018-11-29 21:09:58 UTC
tree is now clean.