main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a "kill cat /run/tinyproxy/tinyproxy.pid
" command.
{ "binaries": [ { "binary_name": "tinyproxy", "binary_version": "1.8.3-3ubuntu14.04.1~esm1" }, { "binary_name": "tinyproxy-dbgsym", "binary_version": "1.8.3-3ubuntu14.04.1~esm1" } ], "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "medium" }
{ "binaries": [ { "binary_name": "tinyproxy", "binary_version": "1.8.3-3ubuntu16.04.1~esm1" }, { "binary_name": "tinyproxy-dbgsym", "binary_version": "1.8.3-3ubuntu16.04.1~esm1" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "medium" }
{ "binaries": [ { "binary_name": "tinyproxy", "binary_version": "1.8.4-5ubuntu0.1~esm1" }, { "binary_name": "tinyproxy-bin", "binary_version": "1.8.4-5ubuntu0.1~esm1" }, { "binary_name": "tinyproxy-bin-dbgsym", "binary_version": "1.8.4-5ubuntu0.1~esm1" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "medium" }