CVE-2009-0579

Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514437
http://secunia.com/advisories/34728	Vendor Advisory
http://secunia.com/advisories/34733	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=487216	Patch
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00398.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00420.html	Patch Vendor Advisory
https://www.redhat.com/archives/pam-list/2009-March/msg00006.html	Vendor Advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514437
http://secunia.com/advisories/34728	Vendor Advisory
http://secunia.com/advisories/34733	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=487216	Patch
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00398.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00420.html	Patch Vendor Advisory
https://www.redhat.com/archives/pam-list/2009-March/msg00006.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:linux-pam:linux-pam::::::::
	cpe:2.3:a:linux-pam:linux-pam:0.99.1.0:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.2.0:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.2.1:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.3.0:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.4.0:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.5.0:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.6.0:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.6.1:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.6.2:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.6.3:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.7.0:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.7.1:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.8.0:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.8.1:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.9.0:::::::*
	cpe:2.3:a:linux-pam:linux-pam:0.99.10.0:::::::*
	cpe:2.3:a:linux-pam:linux-pam:1.0.0:::::::*
	cpe:2.3:a:linux-pam:linux-pam:1.0.1:::::::*
	cpe:2.3:a:linux-pam:linux-pam:1.0.2:::::::*
	cpe:2.3:a:linux-pam:linux-pam:1.0.3:::::::*

History

21 Nov 2024, 01:00

Type	Values Removed	Values Added
References	~~() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514437 -~~	() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514437 -
References	~~() http://secunia.com/advisories/34728 - Vendor Advisory~~	() http://secunia.com/advisories/34728 - Vendor Advisory
References	~~() http://secunia.com/advisories/34733 - Vendor Advisory~~	() http://secunia.com/advisories/34733 - Vendor Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=487216 - Patch~~	() https://bugzilla.redhat.com/show_bug.cgi?id=487216 - Patch
References	~~() https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00398.html -~~	() https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00398.html -
References	~~() https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00420.html - Patch, Vendor Advisory~~	() https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00420.html - Patch, Vendor Advisory
References	~~() https://www.redhat.com/archives/pam-list/2009-March/msg00006.html - Vendor Advisory~~	() https://www.redhat.com/archives/pam-list/2009-March/msg00006.html - Vendor Advisory

Information

Published : 2009-04-16 15:12

Updated : 2024-11-21 01:00

NVD link : CVE-2009-0579

Mitre link : CVE-2009-0579

CVE.ORG link : CVE-2009-0579

JSON object : View

Products Affected

linux-pam

linux-pam

CWE

CWE-264

Permissions, Privileges, and Access Controls

4.6 /10