Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0118 — Improper Control of Interaction Frequency in Redhat Linux

8 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 64.75%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Redhat Linux SUN Solaris SUN Sunos

Timeline

PublishedJun 9

Latest updateApr 30

Description

The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

▶NVDredhat/linux11 versions+10

▶NVDsun/sunos8 versions+7

▶NVDsun/solaris1.1.3, 1.1.4, 2.4+2

🔴Vulnerability Details

GHSA

GHSA-pcr7-6q32-4xxw: The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to con↗2022-04-30

▶

CVEList

CVE-2000-0118: The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to con↗2000-02-08

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Office 2000/2003/2004/XP - File Memory Corruption↗2008-03-07

▶

Exploit-DB

Microsoft BizTalk Server 2000/2002 DTA - 'rawdocdata.asp' SQL Injection↗2003-04-30

▶

Exploit-DB

Microsoft BizTalk Server 2000/2002 DTA - 'RawCustomSearchField.asp' SQL Injection↗2003-04-30

▶

Exploit-DB

Ultimate Bulletin Board 5.4/6.0/6.2 - Cross-Agent Scripting↗2002-01-09

▶

Exploit-DB

RedHat Linux 5.2 i386/6.0 - No Logging↗1999-06-09

▶