CVE-2009-0579

Priority
Description
Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS)
as specified in /etc/shadow, which allows local users to bypass intended
security policy and change their passwords sooner than specified.
Notes
mdeslaurpam below 1.0 have a check already as per debian bug:
in _unix_verify_shadow, called from pam_sm_chauthtok:
if ((curdays < (spwdent->sp_lstchg + spwdent->sp_min))
&& (spwdent->sp_min != -1))
retval = PAM_AUTHTOK_ERR;
More Information

Updated: 2020-09-10 01:08:36 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)