CVE-2000-0378

Linux pam_console - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0378. PoCs published by Michal Zalewski.

AI-analyzed exploit summary

This exploit leverages a vulnerability in the pam_console PAM module to allow a local user to continue monitoring device activity after logging out, potentially capturing sensitive information such as root passwords. The code opens a specified device file and continuously reads and displays its contents to the terminal.

Description

The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Michal Zalewski · c · local · linux
https://www.exploit-db.com/exploits/19900

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: pam_console PAM module (Linux systems running PAM)
Auth required
Prerequisites: Local access to the system · Knowledge of the device file to monitor
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-05/0023.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1176

Scores

EPSS 0.0109
EPSS Percentile 60.9%

Details

Status published
Products (3)
redhat/linux 6.0
redhat/linux 6.1
redhat/linux 6.2
Published May 03, 2000
Tracked Since Feb 18, 2026