
Debian Beep Privilege Escalation Vulnerability


This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of the information contained in this page is at your own risk.

Summary

A vulnerability has been discovered in the beep package which allows an authenticated user to escalate their privileges.

Affected platforms

The following platforms are known to be affected:

  • Debian Jessie - all package versions prior to 1.3-3+deb8u1
  • Debian Stretch - all package versions prior to 1.3-4+deb9u1
  • Other distributions based on Debian, including Ubuntu - all versions of beep up to 1.3.4

Threat details

Beep is a component of the Debian Linux distribution which allows the user to control the PC speaker. The package is not installed in the default configuration. The bug is a race condition, an undesirable situation that occurs when events do not happen in the intended sequence.

The escalation of privileges allows an attacker to use a compromised user account to bypass permissions and carry out administrative and system operations.


Remediation steps

  • Update the beep package to the latest version, or uninstall it if not required.

Last edited: 17 February 2020 12:41 pm