Your message dated Fri, 10 Jul 2026 04:18:41 +0000
with message-id <[email protected]>
and subject line Bug#1141754: fixed in bettercap 2.33.0-4
has caused the Debian Bug report #1141754,
regarding Bettercap package: Unauthenticated REST API Local Privilege Escalation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1141754: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1141754
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: src:bettercap
Version: 2.33.0-2
Severity: critical

Dear Debian Bettercap Maintainer,

Bettercap 2.33.0-2 installs and starts a systemd service (bettercap.service)
running as root. The service enables the REST API (api.rest) on
127.0.0.1:8081 with authentication disabled by default because both
api.rest.username and api.rest.password are empty.

As a result, any local unprivileged user can send a POST request to
/api/session with a payload such as:

{"cmd":"!id"}

The ! command execution feature causes arbitrary shell commands to be
executed as root, resulting in a local privilege escalation.

The service logs explicitly report that authentication is disabled when the
username/password are unset.

Impact:

   -

   Local privilege escalation to root.
   -

   Arbitrary command execution as root.
   -

   No authentication required.
   -

   CVSS v3.1: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
   -

   Related CWEs: CWE-306, CWE-78.

Suggested fix:

   -

   Do not install or enable bettercap.service by default, as it is not part
   of the documented installation procedure.
   -

   Alternatively, configure the service to require REST API authentication
   by default and/or avoid running it as root unless strictly necessary.

A complete proof-of-concept is available and can be provided if needed.

Regards,
-- 
Raffaele Forte

Cybersecurity Specialist
Founder at BackBox.org <https://www.backbox.org>

--- End Message ---
--- Begin Message ---
Source: bettercap
Source-Version: 2.33.0-4
Done: Francisco Vilmar Cardoso Ruviaro <[email protected]>

We believe that the bug you reported is fixed in the latest version of
bettercap, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Francisco Vilmar Cardoso Ruviaro <[email protected]> (supplier of updated 
bettercap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 10 Jul 2026 03:42:56 +0000
Source: bettercap
Architecture: source
Version: 2.33.0-4
Distribution: unstable
Urgency: medium
Maintainer: Francisco Vilmar Cardoso Ruviaro <[email protected]>
Changed-By: Francisco Vilmar Cardoso Ruviaro <[email protected]>
Closes: 1141754
Changes:
 bettercap (2.33.0-4) unstable; urgency=medium
 .
   * Drop debian/bettercap.install to stop installing
     bettercap.service by default. (Closes: #1141754)
Checksums-Sha1:
 94efcbd9739ace016fd14a404cdd2a9c00c88a59 3504 bettercap_2.33.0-4.dsc
 b698bd45af586798f538b6e15ebf80527cbff088 7000 bettercap_2.33.0-4.debian.tar.xz
 359f1eb106b0e12a12fbb464c208265aa6fb4798 10585 
bettercap_2.33.0-4_amd64.buildinfo
Checksums-Sha256:
 a95ebfd4b652baeacf6030b81857d23c62a4104716bff3ded60e6eb2d0aaae5b 3504 
bettercap_2.33.0-4.dsc
 00242b2dc9ffbb471ba2cb1acb0aa31cc9c23ca4e3a8e2ac64652a4ffb5f5aa3 7000 
bettercap_2.33.0-4.debian.tar.xz
 d2f74ae47d7ec394b631373f945f06f6b67e5dc6455f11db8ead3ab64b0269ed 10585 
bettercap_2.33.0-4_amd64.buildinfo
Files:
 09b393085c8dc57fe19eda8ac1da68db 3504 net optional bettercap_2.33.0-4.dsc
 c178c8c0949c131a2ea0f02f9ade2683 7000 net optional 
bettercap_2.33.0-4.debian.tar.xz
 718f49a05bf28c1bc2759b7548a87b80 10585 net optional 
bettercap_2.33.0-4_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEEG4z2Vu87hEcvSPDngvv3BgsvfQAFAmpQbRkSHHZpbG1hckBk
ZWJpYW4ub3JnAAoJEIL79wYLL30ALJ8QAJtidTyPd74nc09WEDmC5eFD2xCfJC9p
vSOSssAHp5uPGFGjd3OntbPAwwcJ5e31q0paV9PnzaE22AyQfu7T64TzTKJQWctH
oAHPWImyXPXSWVvWU4w8uVjGUuiKmUywu1IxHPkMPedujGXaxvzxaA4eB+tTA4Hc
pAwNACqekvEj7ArALVF4EXTHIGK0CFMCllsKBgfX1SZh8CFW67GEgqRh+8LrPcpP
DLbwc+OIju3X8/zmYzsgnFJBMG6YN7YYNUcsmd9RK/iS6J5t1m37u9riiGuqdRpM
zeWfFCeOJBnhSPw0mP6ZuqAFNakdhO5Ik1tP6RreYbL/bOrr0FZyv/IrvzsXX/Nb
A+5KdYM5S3kyRu0XELZeEqcSyT3Ady/2qcyZzmoVT87HdujHUOt9qkB+iHEhsBGH
7kO6DszuPDo0TYMaYVgYXZmkgP+romI4iMwEPzF2E4Qft0u7C4rbiCaumWMCPR6Y
vN7I9Y22rwYkd4ilYJOtsf3o+zzJr4fturc+b6XGCvyAyGuMaqo4aljGUYQ9CkAI
mY47FkZKJNvrEbCLByIeDl1zSqCQopBO+XDcx7IjkRu7bDOhOpvnt0HyQzyFtb7L
6MUxpmZ2z8SCUFgBgCOMacLOEhETEMXEzQ3g6r2OCGyYEwJnF4omUqmpLsH1TjDU
6Pt+Seew9xja
=2R2i
-----END PGP SIGNATURE-----

Attachment: pgpZx2AfEL8eU.pgp
Description: PGP signature


--- End Message ---

Reply via email to