Linux: Beep Command Can Be Used to Probe for the Presence of Sensitive Files

Catalin Cimpanu, writing for BleepingComputer: A vulnerability in the "beep" package that comes pre-installed with Debian and Ubuntu distros allows an attacker to probe for the presence of files on a computer, even those owned by root users, which are supposed to be secret and inaccessible. The vulnerability, tracked as CVE-2018-0492, has been fixed in recent versions of Debian and Ubuntu (Debian-based OS). At its core, the bug is a race condition in the beep utility that allows the OS to emit a "beep" sound whenever it is deemed necessary. Security researchers have discovered a race condition in the beep package that allows an attacker to elevate his code to root-level access.

Re:bleep

[Stephan+Schulz]

I consider it ironic that the Presiding officer of the United States is about to become the most carefully guarded criminal in that nation's storied history...

I. on the other hand, thinks it's absolutely routine for the President of the United states to be the most carefully guided criminal in the nation at any given time. Unfortunately, not all crimes go punished...

Re:bleep

[kqs]

Dude, Hillary lost. You need to find another female on whom you can blame your personal failings and insecurities. The common choice now is Nancy Pelosi, though Elizabeth Warren is gaining popularity with the insecure males in the world. So, are you an "old standby" or "up-and-coming" kinda blamer?

Getting to the original subject: Why would the beep command need root access? Also, why would someone want a beep command to make noise on the computer where it is running? I have a bash alias which beeps on the computer where I am physically typing, which is rarely the same one where I am running things.

Re:bleep

[Archangel+Michael]

No. Most of the Republicans are chickenshit and scared of their own shadow. When push comes to shove, they'll always side with the democrats.