Bug 659338 (CVE-2018-1000532) - <app-misc/beep-1.4.9: External control of file name or path via --device option (CVE-2018-1000532)
Summary: <app-misc/beep-1.4.9: External control of file name or path via --device opti...
Status: RESOLVED FIXED
Alias: CVE-2018-1000532
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://github.com/johnath/beep/issue...
Whiteboard: C3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-06-27 08:18 UTC by Florian Schuhmacher
Modified: 2020-06-23 11:07 UTC

See Also:
Package list:
app-misc/beep-1.4.9
Runtime testing required: ---
nattka: sanity-check+


Attachments

Description Florian Schuhmacher 2018-06-27 08:18:12 UTC
beep version 1.3 and up contains an External Control of File Name or Path vulnerability in the --device option that can result in a local unprivileged user being able to inhibit execution of arbitrary programs by other users, allowing DoS. This attack appears to be exploitable when the system allows local users to run beep.


Gentoo Security Scout
Florian Schuhmacher
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2019-04-26 22:54:57 UTC
FYI 
Comment on the Link (in URL Field)
ndim commented on Jan 14
Given the lack of activity in this code repository since 2013, I have taken up the codebase, fixed a number of issues including the two CVEs (CVE-2018-0492 and CVE-2018-1000532) we have discussed here, and put it up on https://github.com/spkr-beep/beep with release 1.4.2 being current.
Comment 2 Larry the Git Cow gentoo-dev 2019-04-27 23:03:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=370f5643e13ef95e78e692752626e5c0391b10ef

commit 370f5643e13ef95e78e692752626e5c0391b10ef
Author:     Patrice Clement <monsieurp@gentoo.org>
AuthorDate: 2019-04-27 21:06:10 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2019-04-27 23:03:09 +0000

    app-misc/beep: version bump.
    
    Bug: https://bugs.gentoo.org/659338
    Signed-off-by: Patrice Clement <monsieurp@gentoo.org>
    Package-Manager: Portage-2.3.62, Repoman-2.3.11
    Closes: https://github.com/gentoo/gentoo/pull/11845
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 app-misc/beep/Manifest          |  1 +
 app-misc/beep/beep-1.4.4.ebuild | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2019-04-29 21:06:02 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6569e6455dae2d9786dbb473550396486f83b5dc

commit 6569e6455dae2d9786dbb473550396486f83b5dc
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2019-04-29 21:02:16 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2019-04-29 21:02:16 +0000

    Revert "app-misc/beep: version bump."
    
    This reverts commit 370f5643e13ef95e78e692752626e5c0391b10ef.
    
    * PR was merged from a fellow developer who I was not aware of being
    under a QA ban.
    
    * PR addressed an outstanding security issue with app-misc/beep hence
    the merge.
    
    * Reverted per the QA bug being opened.
    
    Bug: https://bugs.gentoo.org/684728
    Bug: https://bugs.gentoo.org/659338
    
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 app-misc/beep/Manifest          |  1 -
 app-misc/beep/beep-1.4.4.ebuild | 38 --------------------------------------
 2 files changed, 39 deletions(-)
Comment 4 Larry the Git Cow gentoo-dev 2020-03-25 17:31:22 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=57f54cc39bb49a0f898b74644607658d950f514d

commit 57f54cc39bb49a0f898b74644607658d950f514d
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-03-25 17:30:47 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-25 17:30:59 +0000

    app-misc/beep: bump to v1.4.9
    
    Bug: https://bugs.gentoo.org/659338
    Closes: https://bugs.gentoo.org/684600
    Package-Manager: Portage-2.3.94, Repoman-2.3.21
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 app-misc/beep/Manifest          |  1 +
 app-misc/beep/beep-1.4.9.ebuild | 59 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 60 insertions(+)
Comment 5 Thomas Deutschmann gentoo-dev Security 2020-03-25 19:06:53 UTC
GLSA Vote: No
Comment 6 Agostino Sarubbo gentoo-dev 2020-03-26 10:18:05 UTC
amd64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2020-03-26 10:20:54 UTC
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2020-03-26 12:03:54 UTC
ppc64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2020-03-26 12:05:01 UTC
x86 stable
Comment 10 Agostino Sarubbo gentoo-dev 2020-03-30 13:36:20 UTC
arm stable
Comment 11 NATTkA bot gentoo-dev 2020-04-06 15:21:36 UTC
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
Comment 12 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2020-06-20 00:37:12 UTC
sparc was missed...
Comment 13 Rolf Eike Beer 2020-06-22 18:35:09 UTC
sparc stable. Last arch, closing.
Comment 14 Sam James archtester gentoo-dev Security 2020-06-22 18:36:05 UTC
(In reply to Rolf Eike Beer from comment #13)
> sparc stable. Last arch, closing.

Security bug ;)

----
@maintainer(s), please cleanup
Comment 15 Larry the Git Cow gentoo-dev 2020-06-23 07:28:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df371339089f4ceaa1674776d4ba105c3db8f021

commit df371339089f4ceaa1674776d4ba105c3db8f021
Author:     Patrice Clement <monsieurp@gentoo.org>
AuthorDate: 2020-06-23 07:27:30 +0000
Commit:     Patrice Clement <monsieurp@gentoo.org>
CommitDate: 2020-06-23 07:27:57 +0000

    app-misc/beep: remove vulnerable version.
    
    Bug: https://bugs.gentoo.org/659338
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Patrice Clement <monsieurp@gentoo.org>

 app-misc/beep/Manifest           |  1 -
 app-misc/beep/beep-1.3-r3.ebuild | 37 -------------------------------------
 app-misc/beep/beep-1.4.9.ebuild  |  2 +-
 3 files changed, 1 insertion(+), 39 deletions(-)
Comment 16 Sam James archtester gentoo-dev Security 2020-06-23 11:07:22 UTC
Thanks! All done.