Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux: Beep Command Can Be Used to Probe for the Presence of Sensitive Files (bleepingcomputer.com)

Posted by msmash on from the a-quiet-place dept.

Catalin Cimpanu, writing for BleepingComputer: A vulnerability in the "beep" package that comes pre-installed with Debian and Ubuntu distros allows an attacker to probe for the presence of files on a computer, even those owned by root users, which are supposed to be secret and inaccessible. The vulnerability, tracked as CVE-2018-0492, has been fixed in recent versions of Debian and Ubuntu (Debian-based OS). At its core, the bug is a race condition in the beep utility that allows the OS to emit a "beep" sound whenever it is deemed necessary. Security researchers have discovered a race condition in the beep package that allows an attacker to elevate his code to root-level access.

1 of 109 comments (clear)

  1. I find it ironic... by frank_adrian314159 · · Score: 4, Insightful

    ... that a command that probably started life as putchar('\007'); could morph into some monster needing to spawn threads and have race conditions.

    --
    That is all.