Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0118

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2000-0118
Last Modified 10 Sep 2008 03:02:56
Published 09 Jun 1999 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2000-0118

Summary

The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.

Vulnerable Systems

Operating System

  • Redhat Linux 2.0

  • Redhat Linux 2.1

  • Redhat Linux 3.0.3

  • Redhat Linux 4.0

  • Redhat Linux 4.1

  • Redhat Linux 4.2

  • Redhat Linux 5.0

  • Redhat Linux 5.1

  • Redhat Linux 5.2

  • Redhat Linux 6.0

  • Redhat Linux 6.1

  • Sun Solaris

  • Sun Solaris 1.1

  • Sun Solaris 1.1.1a

  • Sun Solaris 1.1.2

  • Sun Solaris 1.1.3

  • Sun Solaris 1.1.4

  • Sun Solaris 1.2

  • Sun Solaris 2.0

  • Sun Solaris 2.1

  • Sun Solaris 2.2

  • Sun Solaris 2.3

  • Sun Solaris 2.4

  • Sun Solaris 2.5


References

BUGTRAQ - 20000130 RedHat 6.1 /and others/ PAM


Last Updated: 27 May 2016 10:35:34