CVE-2000-0118

Red Hat Linux su - Unauthenticated Failed Password Guess Logging Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0118. PoCs published by Tani Hosokawa.

AI-analyzed exploit summary This exploit leverages a timing flaw in the `su` command on older Unix systems (e.g., Solaris 2.5) where authentication failures are logged after a sleep delay. By sending a SIGINT during this delay, an attacker can brute-force passwords without logging attempts. The script automates this using Expect to test passwords from a file.

Description

The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Tani Hosokawa · textlocallinux
https://www.exploit-db.com/exploits/19255

This exploit leverages a timing flaw in the `su` command on older Unix systems (e.g., Solaris 2.5) where authentication failures are logged after a sleep delay. By sending a SIGINT during this delay, an attacker can brute-force passwords without logging attempts. The script automates this using Expect to test passwords from a file.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Unix su command (e.g., Solaris 2.5 and below, sh-utils-1.16-14, pam-0.64-3)
No auth needed
Prerequisites: Local access to the target system · List of passwords to brute-force
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=94935300520617&w=2

Scores

EPSS 0.0079
EPSS Percentile 51.5%

Details

Status published
Products (24)
redhat/linux 2.0
redhat/linux 2.1
redhat/linux 3.0.3
redhat/linux 4.0
redhat/linux 4.1
redhat/linux 4.2
redhat/linux 5.0
redhat/linux 5.1
redhat/linux 5.2 (3 CPE variants)
redhat/linux 6.0 (3 CPE variants)
... and 14 more
Published Jun 09, 1999
Tracked Since Feb 18, 2026