CVE-2000-0118
Description
Red Hat Linux su fails to log failed password guesses when the process is killed before timeout, aiding brute force attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Red Hat Linux su fails to log failed password guesses when the process is killed before timeout, aiding brute force attacks.
Vulnerability
The su program in Red Hat Linux (tested on Red Hat 6.1 and others using PAM) does not log failed password attempts if the su process is terminated (e.g., via a signal) before its timeout occurs [1]. This allows an attacker to perform rapid brute-force password guessing without leaving any evidence in system logs.
Exploitation
A local attacker executes a script that repeatedly runs su with guessed passwords and kills the process with a configurable delay (e.g., 0.3 seconds) before the normal timeout writes a syslog entry. The attacker requires local shell access and a wordlist of potential passwords. No special privileges are needed beyond the ability to send signals to processes owned by themselves [1].
Impact
Successful brute-force guessing reveals the password of the target local user, potentially leading to privilege escalation if the target is a different user (e.g., root). The lack of logging means the attack can go unnoticed, giving the attacker an opportunity to compromise accounts without triggering alarms [1].
Mitigation
Red Hat shipped a fix by changing the order of operations so that syslog logging occurs before the sleep() call, ensuring all failed attempts are recorded. Users should apply vendor patches or upgrade to a fixed version (release date not specified in the reference). No permanent disabling of su is required, but administrators should monitor for unusual process patterns. The vulnerability is not listed in the CISA KEV catalog [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
31cpe:2.3:o:redhat:linux:2.0:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:o:redhat:linux:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:2.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:4.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:4.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:5.2:*:alpha:*:*:*:*:*
- cpe:2.3:o:redhat:linux:5.2:*:i386:*:*:*:*:*
- cpe:2.3:o:redhat:linux:5.2:*:sparc:*:*:*:*:*
- cpe:2.3:o:redhat:linux:6.0:*:alpha:*:*:*:*:*
- cpe:2.3:o:redhat:linux:6.0:*:i386:*:*:*:*:*
- cpe:2.3:o:redhat:linux:6.0:*:sparc:*:*:*:*:*
- cpe:2.3:o:redhat:linux:6.1:*:alpha:*:*:*:*:*
- cpe:2.3:o:redhat:linux:6.1:*:i386:*:*:*:*:*
- cpe:2.3:o:redhat:linux:6.1:*:sparc:*:*:*:*:*
- (no CPE)
cpe:2.3:o:sun:solaris:1.1.3:u1:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:sun:solaris:1.1.3:u1:*:*:*:*:*:*
- cpe:2.3:o:sun:solaris:1.1.4:*:jl:*:*:*:*:*
- cpe:2.3:o:sun:solaris:2.4:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:*:*:x86:*:*:*:*:*
cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.5:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1- marc.infonvd
News mentions
0No linked articles in our index yet.