Description
The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Tani Hosokawa · text · local · linux
https://www.exploit-db.com/exploits/19255
References (1)
Core 1
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=94935300520617&w=2
Scores
EPSS: 0.0015
EPSS Percentile: 34.8%
Details
Status: published
Products (24)
redhat/linux 2.0
redhat/linux 2.1
redhat/linux 3.0.3
redhat/linux 4.0
redhat/linux 4.1
redhat/linux 4.2
redhat/linux 5.0
redhat/linux 5.1
redhat/linux 5.2 (3 CPE variants)
redhat/linux 6.0 (3 CPE variants)
... and 14 more
Published: Jun 09, 1999
Tracked Since: Feb 18, 2026