Lucene search
HistoryFeb 08, 2000 - 5:00 a.m.
CVE-2000-0118
red hat
linux su
cve-2000-0118
password guessing
brute force
security vulnerability
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.9 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
0.4%
The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.
Affected configurations
Node
redhatlinuxMatch2.0
ORredhatlinuxMatch2.1
ORredhatlinuxMatch3.0.3
ORredhatlinuxMatch4.0
ORredhatlinuxMatch4.1
ORredhatlinuxMatch4.2
ORredhatlinuxMatch5.0
ORredhatlinuxMatch5.1
ORredhatlinuxMatch5.2alpha
ORredhatlinuxMatch5.2i386
ORredhatlinuxMatch5.2sparc
ORredhatlinuxMatch6.0alpha
ORredhatlinuxMatch6.0i386
ORredhatlinuxMatch6.0sparc
ORredhatlinuxMatch6.1alpha
ORredhatlinuxMatch6.1i386
ORredhatlinuxMatch6.1sparc
ORsunsolarisx86
ORsunsolarisMatch1.1.3u1
ORsunsolarisMatch1.1.4jl
ORsunsolarisMatch2.4x86
ORsunsunosMatch-
ORsunsunosMatch4.1.3
ORsunsunosMatch4.1.4
ORsunsunosMatch5.0
ORsunsunosMatch5.1
ORsunsunosMatch5.2
ORsunsunosMatch5.3
ORsunsunosMatch5.4
ORsunsunosMatch5.5
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.9 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
0.4%
Related for CVE-2000-0118