Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.4
CVSSv2

CVE-2018-0492

Published: 03/04/2018 Updated: 14/03/2019
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 445
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Beep Project

Vulnerability Summary

Johnathan Nightingale beep up to and including 1.3.4, if setuid, has a race condition that allows local privilege escalation.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

beep project beep

debian debian linux 7.0

debian debian linux 9.0

debian debian linux 8.0

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2018-1000532
Debian Bug report logs - #902722 CVE-2018-1000532 Package: beep; Maintainer for beep is Rhonda D'Vine <rhonda@debianorg>; Source for beep is src:beep (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 29 Jun 2018 21:06:12 UTC Severity: grave Tags: security, upstream Found in version ...
Debian CVElist Bug Report Logs: beep: CVE-2018-0492
Debian Bug report logs - #894667 beep: CVE-2018-0492 Package: src:beep; Maintainer for src:beep is Rhonda D'Vine <rhonda@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 3 Apr 2018 04:45:01 UTC Severity: grave Tags: security, upstream Found in version beep/13-3 Fixed in versions beep/1 ...
Debian Security Advisories: DSA-4163-1 beep -- security update
It was discovered that a race condition in beep (if configured as setuid via debconf) allows local privilege escalation For the oldstable distribution (jessie), this problem has been fixed in version 13-3+deb8u1 For the stable distribution (stretch), this problem has been fixed in version 13-4+deb9u1 We recommend that you upgrade your beep pac ...
Arch Linux Issues:
beep through version 134 is vulnerable to local privilege escalation if the setuid bit is set for the beep binary ...

Exploits

Exploit DB: GNU Beep 1.3 - 'HoleyBeep' Local Privilege Escalation
#!/usr/bin/env python3 # # E-DB Note ~ gistgithubcom/Arignir/0b9d45c56551af39969368396e27abe8/ec853f14afd6e86fb3f2efce2086e28f33039ddc # E-DB Note ~ sigintsh/#/holeybeep # # This is an exploit for HoleyBeep # # To use it, place any command you want root to execute in `/tmp/x` # ``` # $ cat /tmp/x # echo PWNED $(whoami) ...

References

CWE-362https://security-tracker.debian.org/tracker/CVE-2018-0492https://lists.debian.org/debian-security-announce/2018/msg00089.htmlhttps://lists.debian.org/debian-lts-announce/2018/04/msg00002.htmlhttps://www.debian.org/security/2018/dsa-4163https://www.exploit-db.com/exploits/44452/https://security.gentoo.org/glsa/201805-15https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902722https://www.exploit-db.com/exploits/44452/https://www.debian.org/security/./dsa-4163
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook