Medium severity5.5NVD Advisory· Published Jul 30, 2017· Updated Jun 17, 2026
CVE-2017-11747
CVE-2017-11747
Description
main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a "kill cat /run/tinyproxy/tinyproxy.pid" command.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- osv-coords3 versionspkg:rpm/opensuse/tinyproxy&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/tinyproxy&distro=openSUSE%20Tumbleweedpkg:rpm/suse/tinyproxy&distro=SUSE%20Package%20Hub%2015%20SP5
< 1.11.2-bp155.3.3.1+ 2 more
- (no CPE)range: < 1.11.2-bp155.3.3.1
- (no CPE)range: < 1.11.0-1.3
- (no CPE)range: < 1.11.2-bp155.3.3.1
Patches
Vulnerability mechanics
References
2- github.com/tinyproxy/tinyproxy/issues/106nvdIssue TrackingPatchThird Party Advisory
- lists.debian.org/debian-lts-announce/2020/03/msg00037.htmlnvd
News mentions
0No linked articles in our index yet.