CVE

Id
1696  
CVE No.
CVE-2000-0118  
Status
Candidate  
Description
The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.  
Phase
Proposed (20000208)  
Votes
ACCEPT(3) Baker, Cole, Levy | MODIFY(1) Frech | NOOP(1) Wall | REVIEWING(1) Christey  
Comments
Frech> Is this the same issue as BugTraq Mailing List, Wed, 9 Jun 1999 14:07:27 -0700 "vulnerability in su/PAM in redhat" at http://www.netspace.org/cgi-bin/wa?A2=ind9906b&L=bugtraq&F=&S=&P=5356 and "Solaris 2.5 /bin/su [was: vulnerability in su/PAM in redhat]" at http://www.netspace.org/cgi-bin/wa?A2=ind9906b&L=bugtraq&F=&S=&P=6051  
If so, then MODIFY XF:su-brute  
Christey> BID:320  
URL:http://www.securityfocus.com/vdb/bottom.html?vid=320  
CHANGE> [Frech changed vote from REVIEWING to MODIFY]  
Frech> XF:su-brute(2278)  
This issue involves more platforms than Red Hat. See BugTraq Mailing List, Thu Jun 10 1999 12:13:06, "Solaris 2.5 /bin/su [was: vulnerability in su/PAM in redhat]", http://www.securityfocus.com/archive/1/14854  
Christey> It does look like this is the same issue as the other Bugtraq post that explicitly mentions Red Hat and PAM.  
CHANGE> [Christey changed vote from NOOP to REVIEWING]