Linux-PAM Vulnerability Allows Password Change Policy Bypass
CVE-2009-0579

Currently unrated

Key Information:

Vendor: Linux-pam

CVE Published: 16 April 2009

What is CVE-2009-0579?

Linux-PAM versions before 1.0.4 do not enforce the minimum password age (MINDAYS) specified in the /etc/shadow file. As a result, local users can change their passwords earlier than the defined policy allows, which weakens the password-aging protections on user accounts. Updating Linux-PAM and configuring it properly are necessary to mitigate this risk.
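The following added example (not code from Linux-PAM or from this advisory) shows the minimum-age check that the description says was not enforced, and uses it to audit two snapshots of /etc/shadow for passwords changed sooner than MINDAYS allowed. The function names and the sample entries are constructed for illustration; field meanings follow shadow(5).

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class ShadowEntry:
    name: str
    last_change: Optional[int]  # days since 1970-01-01; None = aging disabled
    min_days: int               # MINDAYS; 0 = no minimum age

def parse_shadow_line(line: str) -> ShadowEntry:
    """Parse name, last-change day and minimum age from one shadow(5) entry."""
    fields = line.strip().split(":")
    if len(fields) < 4:
        raise ValueError(f"not a shadow entry: {line!r}")
    last_change = int(fields[2]) if fields[2] else None
    min_days = int(fields[3]) if fields[3] else 0
    return ShadowEntry(fields[0], last_change, max(min_days, 0))

def change_allowed(entry: ShadowEntry, today: int) -> bool:
    """True if the minimum-age policy permits a password change on day `today`."""
    if entry.last_change is None or entry.last_change == 0 or entry.min_days == 0:
        return True  # aging disabled, forced change pending, or no minimum set
    return today - entry.last_change >= entry.min_days

def early_changes(before: str, after: str) -> List[Tuple[str, int, int]]:
    """Compare two shadow snapshots; return (user, days_elapsed, min_days)
    for each account whose password changed sooner than MINDAYS allowed."""
    old = {e.name: e for e in map(parse_shadow_line, filter(None, before.splitlines()))}
    hits = []
    for new in map(parse_shadow_line, filter(None, after.splitlines())):
        prev = old.get(new.name)
        if prev is None or new.last_change in (None, 0, prev.last_change):
            continue  # new account, aging off, forced-change flag, or unchanged
        if not change_allowed(prev, new.last_change):
            hits.append((new.name, new.last_change - prev.last_change, prev.min_days))
    return hits

# Constructed sample snapshots (hash field is a placeholder, not real data).
BEFORE = """\
alice:$6$CONSTRUCTED:14300:7:90:7:::
bob:$6$CONSTRUCTED:14300:0:90:7:::
carol:$6$CONSTRUCTED:14290:7:90:7:::
"""
AFTER = """\
alice:$6$CONSTRUCTED:14302:7:90:7:::
bob:$6$CONSTRUCTED:14302:0:90:7:::
carol:$6$CONSTRUCTED:14300:7:90:7:::
"""
```

A hit is not proof of a bypass on its own: a password reset performed by root is not subject to the minimum age, so flagged accounts should be checked against administrative activity.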
