CVE Vulnerabilities

CVE-2000-0118

Published: Jun 09, 1999 | Modified: Oct 30, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.

Affected Software

Name Vendor Start Version End Version
Linux Redhat 2.0 2.0
Linux Redhat 2.1 2.1
Linux Redhat 3.0.3 3.0.3
Linux Redhat 4.0 4.0
Linux Redhat 4.1 4.1
Linux Redhat 4.2 4.2
Linux Redhat 5.0 5.0
Linux Redhat 5.1 5.1
Linux Redhat 5.2 5.2
Linux Redhat 5.2 5.2
Linux Redhat 5.2 5.2
Linux Redhat 6.0 6.0
Linux Redhat 6.0 6.0
Linux Redhat 6.0 6.0
Linux Redhat 6.1 6.1
Linux Redhat 6.1 6.1
Linux Redhat 6.1 6.1
Solaris Sun * *
Solaris Sun 1.1.3 1.1.3
Solaris Sun 1.1.4 1.1.4
Solaris Sun 2.4 2.4
Sunos Sun - -
Sunos Sun 4.1.3 4.1.3
Sunos Sun 4.1.4 4.1.4
Sunos Sun 5.0 5.0
Sunos Sun 5.1 5.1
Sunos Sun 5.2 5.2
Sunos Sun 5.3 5.3
Sunos Sun 5.4 5.4
Sunos Sun 5.5 5.5

References