
CVE-2018-0492: Local privilege escalation in Linux program that plays a beep - seanwilson
https://holeybeep.ninja/
======
333c
This is satire, yes? The footer links to
[https://github.com/dirtycow/dirtycow.github.io](https://github.com/dirtycow/dirtycow.github.io),
which is a real vulnerability. Further, this is the proof-of-concept from
[https://holeybeep.ninja/am_i_vulnerable.sh](https://holeybeep.ninja/am_i_vulnerable.sh):

    
    
    #!/bin/sh
    # TODO: Backdoor this machine?
    modprobe pcspkr
    beep -l 1000 -r 3 -f 44000

~~~
seanwilson
The website is tongue-in-cheek but the exploit patch is documented here:

"Debian Security Advisory DSA-4163-1 beep -- security update"

[https://www.debian.org/security/2018/dsa-4163](https://www.debian.org/security/2018/dsa-4163)

~~~
avian
Apart from confirming the vulnerability, that page doesn't really give any
technical info. Does anyone have any details on the problem? It's such a
simple program that I'm fascinated by the fact that it has a security
vulnerability.

I was looking at the patch that Debian shipped and it seems to me that there
was some kind of a race condition when opening the console device multiple
times, but I can't figure out the exact source of the problem.

~~~
jwilk
[https://news.ycombinator.com/item?id=16753013](https://news.ycombinator.com/item?id=16753013)
has more discussion, but so far nobody has figured out what exactly is going
on.

------
eadmund
I figured that the joke was encouraging folks to run unexamined, downloaded
shell scripts.

------
seanwilson
I thought this was interesting as a cautionary tale that even tiny open source
programs that are widely installed for years can contain critical security
exploits. I don't understand the trend of security exploits getting their own
website, name and logo though.

~~~
ringshall
This site seems to have been created by a company specializing in giving
security exploits their own branding:

"I want to brand my next vulnerability. Can you make a logo for me?

Great idea! Please contact our sales department."

It's definitely not associated with the person who discovered the beep vuln:

"Holey Beep is a community-maintained project for the bug otherwise known as
CVE-2018-0492. It is not associated with the Linux Foundation, nor with the
original discoverer of this vulnerability. If you would like to contribute go
to GitHub."

Strange.

~~~
AstralStorm
April Fools' was recently. Someone is making light of the vulnerability
names and certain people going off on these like it is the end of the world.

------
semi-extrinsic
Yet another reason to blacklist the pcspkr module.

~~~
NinjaKitten
So you didn't read it.

