Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0579

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2009-0579
Last Modified 16 Apr 2009 12:00:00
Published 16 Apr 2009 11:12:57
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2009-0579

Summary

Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified.

Vulnerable Systems

Application

  • Kernel Linux-pam 0.99.1.0

  • Kernel Linux-pam 0.99.10.0

  • Kernel Linux-pam 0.99.2.0

  • Kernel Linux-pam 0.99.2.1

  • Kernel Linux-pam 0.99.3.0

  • Kernel Linux-pam 0.99.4.0

  • Kernel Linux-pam 0.99.5.0

  • Kernel Linux-pam 0.99.6.0

  • Kernel Linux-pam 0.99.6.1

  • Kernel Linux-pam 0.99.6.2

  • Kernel Linux-pam 0.99.6.3

  • Kernel Linux-pam 0.99.7.0

  • Kernel Linux-pam 0.99.7.1

  • Kernel Linux-pam 0.99.8.0

  • Kernel Linux-pam 0.99.8.1

  • Kernel Linux-pam 0.99.9.0

  • Kernel Linux-pam 1.0.0

  • Kernel Linux-pam 1.0.1

  • Kernel Linux-pam 1.0.2

  • Kernel Linux-pam 1.0.3

  • Kernel Linux-pam 1.0.4


References

FEDORA - FEDORA-2009-3231

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=487216

MLIST - [pam-list] 20090309 Linux-PAM 1.0.4 released

FEDORA - FEDORA-2009-3204

SECUNIA - 34733

SECUNIA - 34728

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514437


Last Updated: 27 May 2016 10:50:18