Summary: | <app-misc/beep-1.3-r3: local privilege escalation (CVE-2018-0492) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | shell-tools |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://lists.debian.org/debian-security-announce/2018/msg00089.html | ||
Whiteboard: | C1 [glsa+ cve cleanup] | ||
Package list: | app-misc/beep-1.3-r3 | ||
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2018-04-03 12:47:31 UTC
It was discovered that a race condition in beep (installed with USE flag "suid", which isn't the default) allows for local privilege escalation.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5945809cd0c40e44313891742b0b61f90eecbfb8

commit 5945809cd0c40e44313891742b0b61f90eecbfb8
Author: Patrice Clement <monsieurp@gentoo.org>
AuthorDate: 2018-04-04 20:34:21 +0000
Commit: Patrice Clement <monsieurp@gentoo.org>
CommitDate: 2018-04-04 20:35:17 +0000

app-misc/beep: patch against CVE-2018-0292.

Bug: https://bugs.gentoo.org/652330
See-Also: https://github.com/johnath/beep/issues/11
Package-Manager: Portage-2.3.19, Repoman-2.3.6

app-misc/beep/beep-1.3-r3.ebuild | 37 ++++++++
app-misc/beep/files/beep-1.3-CVE-2018-0492.patch | 106 +++++++++++++++++++++++
2 files changed, 143 insertions(+)

An automated check of this bug failed - the following atom is unknown:

app-misc/beep/beep-1.3-r3

Please verify the atom list.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3ac8c5c29bb140704be9248631f5ba4119ade913

commit 3ac8c5c29bb140704be9248631f5ba4119ade913
Author: Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-04-05 02:54:04 +0000
Commit: Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-04-05 02:54:04 +0000

app-misc/beep: amd64 stable

Bug: https://bugs.gentoo.org/652330
Package-Manager: Portage-2.3.28, Repoman-2.3.9

app-misc/beep/beep-1.3-r3.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

x86 stable

Stable on alpha.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=205667c826d9ebe7128110a15ab5477bb9af3749

commit 205667c826d9ebe7128110a15ab5477bb9af3749
Author: Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-04-05 20:06:43 +0000
Commit: Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-05 21:06:31 +0000

app-misc/beep: stable 1.3-r3 for sparc

Bug: https://bugs.gentoo.org/652330
Package-Manager: Portage-2.3.24, Repoman-2.3.6
RepoMan-Options: --include-arches="sparc"

app-misc/beep/beep-1.3-r3.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Exploit at https://www.exploit-db.com/exploits/44452/ , if someone is interested.

arm stable

ppc/ppc64 stable

all arches stable. @maintainer(s), please clean.

This issue was resolved and addressed in GLSA 201805-15 at https://security.gentoo.org/glsa/201805-15 by GLSA coordinator Aaron Bauman (b-man).