CVE-2000-0118

Published: 09/06/1999 Updated: 30/10/2018
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local malicious users to conduct brute force password guessing.

Vulnerable Product

redhat linux 3.0.3

redhat linux 4.0

redhat linux 5.2

redhat linux 6.0

sun sunos -

sun sunos 4.1.4

sun sunos 5.1

sun sunos 5.2

redhat linux 4.1

redhat linux 4.2

redhat linux 6.1

sun solaris 1.1.3

sun sunos 5.3

sun sunos 5.4

redhat linux 5.0

redhat linux 5.1

sun solaris 1.1.4

sun solaris 2.4

sun sunos 5.5

redhat linux 2.0

redhat linux 2.1

sun solaris

sun sunos 4.1.3

sun sunos 5.0

Exploits

source: www.securityfocus.com/bid/320/info

A vulnerability in PAM allows local malicious users to brute force passwords via the su command without any logging of their activity. su is a command that allows users to change identities by supplying a password. If the password is correct, su immediately executes a new shell with the identity of ...