Published: 16/04/2009 Updated: 03/01/2019

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Linux-PAM prior to 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux-pam linux-pam 1.0.1
linux-pam linux-pam 0.99.9.0
linux-pam linux-pam 0.99.6.3
linux-pam linux-pam 0.99.6.1
linux-pam linux-pam 0.99.1.0
linux-pam linux-pam
linux-pam linux-pam 0.99.8.1
linux-pam linux-pam 0.99.8.0
linux-pam linux-pam 0.99.7.1
linux-pam linux-pam 0.99.7.0
linux-pam linux-pam 1.0.2
linux-pam linux-pam 1.0.0
linux-pam linux-pam 0.99.6.2
linux-pam linux-pam 0.99.6.0
linux-pam linux-pam 0.99.10.0
linux-pam linux-pam 1.0.3
linux-pam linux-pam 0.99.5.0
linux-pam linux-pam 0.99.4.0
linux-pam linux-pam 0.99.3.0
linux-pam linux-pam 0.99.2.1
linux-pam linux-pam 0.99.2.0

Debian Bug report logs - #514437 chage -m / passwd -n (--mindays) have no effect (Lenny) Package: libpam-modules; Maintainer for libpam-modules is Steve Langasek <vorlon@debianorg>; Source for libpam-modules is src:pam (PTS, buildd, popcon) Reported by: Stefan Lienesch <lieneschgag@ewetelnet> Date: Sat, 7 Feb 200 ...

CWE-264 https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00398.html http://secunia.com/advisories/34728 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514437 https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00420.html https://www.redhat.com/archives/pam-list/2009-March/msg00006.html https://bugzilla.redhat.com/show_bug.cgi?id=487216 http://secunia.com/advisories/34733 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514437 https://nvd.nist.gov

CVE-2009-0579

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect