CVE-2000-0118
Red Hat Linux su - Unauthenticated Failed Password Guess Logging Bypass
Exploitation Summary
EIP tracks 1 public exploit for CVE-2000-0118. PoCs published by Tani Hosokawa.
AI-analyzed exploit summary
This exploit leverages a timing flaw in the `su` command on older Unix systems (e.g., Solaris 2.5), where authentication failures are logged only after a sleep delay. By sending a SIGINT during this delay, an attacker can brute-force passwords without the failed attempts being logged. The script automates this using Expect to test passwords from a file.
Description
The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.
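The ordering flaw described above, reduced to a self-contained C demonstration (an added example, not the su source and not the published PoC): a child process runs a failure path, is interrupted during its delay, and the parent checks whether the log record was ever written. The function names, the pipe standing in for the log, and writing the record before the delay as the fix are assumptions of this example.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static const char RECORD[] = "su: FAILED (constructed sample record)\n";

/* Ordering the page describes: delay first, write the failure record last. */
static void fail_delay_then_log(int log_fd) {
    sleep(3);
    if (write(log_fd, RECORD, sizeof RECORD - 1) < 0) _exit(1);
}

/* Assumed fix: commit the record first, so killing the delay loses nothing. */
static void fail_log_then_delay(int log_fd) {
    if (write(log_fd, RECORD, sizeof RECORD - 1) < 0) _exit(1);
    sleep(3);
}

/* Run one failure path in a child, send SIGINT while it is in its delay,
 * and return 1 if a log record still reached the pipe, 0 if none did
 * (-1 if the pipe or the child could not be created). */
static int logged_after_interrupt(void (*failure_path)(int)) {
    int p[2];
    char buf[128];
    if (pipe(p) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(p[0]); close(p[1]); return -1; }
    if (pid == 0) {
        close(p[0]);
        signal(SIGINT, SIG_DFL);   /* default action: terminate */
        failure_path(p[1]);
        _exit(0);
    }
    close(p[1]);
    sleep(1);                      /* child is now inside its delay */
    kill(pid, SIGINT);
    waitpid(pid, NULL, 0);
    ssize_t n = read(p[0], buf, sizeof buf);   /* 0 = EOF, nothing logged */
    close(p[0]);
    return n > 0 ? 1 : 0;
}

int main(void) {
    printf("delay-then-log, record written: %d\n", logged_after_interrupt(fail_delay_then_log));
    printf("log-then-delay, record written: %d\n", logged_after_interrupt(fail_log_then_delay));
    return 0;
}
```

For detection on a system with the delay-then-log ordering, the missing record is itself the signal: process accounting or audit data showing `su` exits by signal with no matching failure entry in the authentication log.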