Get back

Holey beep vulnerability (CVE-2018-0492)

16.04.2018

New security vulnerability was discovered in linux beep command line tool. Normally it used to control PC Speaker, but recently it was found that beep can be used for local privilege escalation revealing whether any file exists bypassing permissions. Another impact is file side effects, which could be triggered without authorization.

To discover if your system is affected run this command:

<code>

curl https://holeybeep.ninja/am_i_vulnerable.sh | sudo bash

</code>

If your machine is vulnerable, you will hear beep sound.

Patch provided by holeybeep.ninja site fixes race condition bug, but exposes system to arbitrary code execution, which is potentially more serious vulnerability.

Possible solution to address this issue, is to refrain from using “beep” command at all, like in openSUSE distro, which employs simple “printf ‘\a’” instead.

 

Further reading:

https://holeybeep.ninja/

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895115

https://github.com/johnath/beep/issues/11

http://seclists.org/oss-sec/2018/q2/20