CVE-2018-0492

Name of the Vulnerable Software and Affected Versions beep versions through 1.3.4

Description The issue is related to a race condition in the beep utility's handling of signals, specifically SIGINT and SIGTERM, which can lead to the exploitation of the free() function. This exploitation may allow an attacker to gain access to confidential information or block the execution of arbitrary applications by interrupting the free() function with another signal, thus disrupting the data structures in use.

Recommendations For versions through 1.3.4, consider removing the setuid bit to prevent local privilege escalation until a patch is available. As a temporary workaround, consider restricting access to the beep utility to minimize the risk of exploitation.