Upstream information
Description
Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 4.6 |
| Vector | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| Access Vector | Local |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 11 SP4 GA pam-devel-1.1.5-0.15.9 |
| SUSE Linux Enterprise Server 11 SP1 |
| Patchnames: SUSE Linux Enterprise Server 11 SP1 GA pam-1.0.4-0.5.12 |
| SUSE Linux Enterprise Server 11 SP2 |
| Patchnames: SUSE Linux Enterprise Server 11 SP2 GA pam-1.1.5-0.10.17 |
| SUSE Linux Enterprise Server 11 SP3 |
| Patchnames: SUSE Linux Enterprise Server 11 SP3 GA pam-1.1.5-0.10.17 |
| SUSE Linux Enterprise Server 11 SP4 |
| Patchnames: SUSE Linux Enterprise Server 11 SP4 GA pam-1.1.5-0.15.9 SUSE Linux Enterprise Software Development Kit 11 SP4 GA pam-devel-1.1.5-0.15.9 |
SUSE Timeline for this CVE
CVE page created: Wed Sep 1 12:32:57 2010CVE page last modified: Sat Jun 15 20:55:03 2024