Catalin Cimpanu, writing for BleepingComputer: A vulnerability in the "beep" package that comes pre-installed with Debian and Ubuntu distros allows an attacker to probe for the presence of files on a computer, even those owned by root users, which are supposed to be secret and inaccessible. The vulnerability, tracked as CVE-2018-0492, has been fixed in recent versions of Debian and Ubuntu (Debian-based OS). At its core, the bug is a race condition in the beep utility that allows the OS to emit a "beep" sound whenever it is deemed necessary. Security researchers have discovered a race condition in the beep package that allows an attacker to elevate his code to root-level access.

  • Anyone else find it ironic that this comes from bleepingcomputer.com?

  • Beep is not pre-installed on Debian GNU/Linux.

    • It's not pre - installed on Mint either

      by sjwest ( 948274 )

      Its not debian installed by default

      beep does what you'd expect: it beeps. But unlike printf "\a" beep allows
      you to control pitch, duration, and repetitions. Its job is to live inside
      shell/perl scripts and allow more granularity than one has otherwise. It is
      controlled completely through command

      I suppose somebody needs that, not us.

