Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0378Redhat Linux vulnerability

4 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.9%
top 23.61%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Redhat Linux
Timeline
PublishedMay 3
Latest updateApr 30

Description

The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDredhat/linux6.0, 6.1, 6.2+2

🔴Vulnerability Details

2
GHSA
GHSA-5949-54q2-grjg: The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can b2022-04-30
CVEList
CVE-2000-0378: The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can b2000-10-13

💥Exploits & PoCs

1
Exploit-DB
RedHat Linux 6.0/6.1/6.2 - 'pam_console' Monitor Activity After Logout2000-05-03
CVE-2000-0378 — Redhat Linux vulnerability | cvebase