PT-2018-3772 · Beep+1 · Beep+1

Published: 2018-06-26 · Updated: 2018-08-30 · CVE-2018-1000532

CVSS v3.1: 4.7 (Medium)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

beep version 1.3 and up

Description

The issue is related to an External Control of File Name or Path vulnerability in the --device option of the beep utility. This can result in a Local Denial of Service (DoS) attack, where an unprivileged user can inhibit the execution of arbitrary programs by other users. The attack is exploitable if the system allows local users to run beep. The vulnerability is associated with insufficient restrictions on the directory path name, which can be exploited by an attacker to cause a denial of service.

Recommendations

For beep version 1.3 and up, consider restricting access to the --device option to prevent exploitation until a patch is available. As a temporary workaround, consider disabling the --device option in the beep utility to minimize the risk of exploitation.

Fix

DoS

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2022-00265
CVE-2018-1000532

Affected Products

Astra Linux
Beep