Holey Beep Vulnerability (CVE-2018-0492)

New security vulnerability was discovered in the Linux “Beep” command line tool. It was regularly used to control a PC Speaker, but recently it was found that the beep can be used for local privilege escalation revealing whether any file exists bypassing permissions. Another impact is file side effects, which could be triggered without authorization.

To find out if your system is affected by this bug, run this command:

curl https://holeybeep.ninja/am_i_vulnerable.sh | sudo bash

 

If your machine is vulnerable, you will hear a beep sound.

The patch provided by holeybeep.ninja site fixes the race condition bugs, however, it exposes a system to arbitrary code execution, which is potentially a more severe vulnerability.

One possible solution to address this issue is to refrain from using the “Beep” command at all, like in openSUSE distro, which employs simple “printf ‘\a’” instead.

 

Read more:

https://holeybeep.ninja/

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895115

https://github.com/johnath/beep/issues/11

http://seclists.org/oss-sec/2018/q2/20