Linux: Beep Command Can Be Used to Probe for the Presence of Sensitive Files (bleepingcomputer.com)

Posted by msmash on Tuesday April 10, 2018 @03:20AM from the a-quiet-place dept.

Catalin Cimpanu, writing for BleepingComputer: A vulnerability in the "beep" package that comes pre-installed with Debian and Ubuntu distros allows an attacker to probe for the presence of files on a computer, even those owned by root users, which are supposed to be secret and inaccessible. The vulnerability, tracked as CVE-2018-0492, has been fixed in recent versions of Debian and Ubuntu (Debian-based OS). At its core, the bug is a race condition in the beep utility that allows the OS to emit a "beep" sound whenever it is deemed necessary. Security researchers have discovered a race condition in the beep package that allows an attacker to elevate his code to root-level access.

2 of 109 comments (clear)

Min score:

Reason:

Sort:

I find it ironic... by frank_adrian314159 · 2018-04-10 03:57 · Score: 4, Insightful

... that a command that probably started life as putchar('\007'); could morph into some monster needing to spawn threads and have race conditions.

--
That is all.
Re:bleep by Anonymous Coward · 2018-04-10 03:58 · Score: 0, Insightful

If Hillary had committed any crimes, dontchathink that the Republican lead Congress would have found her guilty of something and actually done something about it?
Is someone a criminal really because a bunch of crazies keep making shit up about them?