CVE-2009-0579 — Linux-pam vulnerability

CWE-2649 documents6 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 80.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

PAM Debian PAM Linux-pam

Timeline

PublishedApr 16

Latest updateMay 2

Description

Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages3 packages

▶NVDlinux-pam/linux-pam1.0.4+20

▶debiandebian/pam< pam 1.0.1-10 (bookworm)

▶Debianpam/pam< 1.0.1-10+3

Patches

Patch: bugzilla.redhat.com ↗Patch: www.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-hm9c-qrxw-gvc3: Linux-PAM before 1↗2022-05-02

▶

OSV

CVE-2009-0579: Linux-PAM before 1↗2009-04-16

▶

📋Vendor Advisories

Red Hat

pam: MINDAYS not respected by pam for password changing↗2009-02-07

▶

Debian

CVE-2009-0579: pam - Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as sp...↗2009

▶

💬Community

Bugzilla

CVE-2009-0579 pam: MINDAYS not respected by pam for password changing [Fdevel]↗2009-02-24

▶

Bugzilla

CVE-2009-0579 pam: MINDAYS not respected by pam for password changing [F10]↗2009-02-24

▶

Bugzilla

CVE-2009-0579 pam: MINDAYS not respected by pam for password changing [F9]↗2009-02-24

▶

Bugzilla

CVE-2009-0579 pam: MINDAYS not respected by pam for password changing↗2009-02-24

▶