CVE-2009-0579

Note

pam below 1.0 have a check already as per debian bug:
in _unix_verify_shadow, called from pam_sm_chauthtok:
	if ((curdays < (spwdent->sp_lstchg + spwdent->sp_min))
		    && (spwdent->sp_min != -1))
		retval = PAM_AUTHTOK_ERR;

Package	Release	Status
pam Launchpad, Ubuntu, Debian	dapper	Not vulnerable (already has check)
	hardy	Not vulnerable (already has check)
	intrepid	Ignored (end of life, was needed)
	jaunty	Ignored (end of life)
	karmic	Not vulnerable (1.1.0-2ubuntu1)
	lucid	Not vulnerable (1.1.0-2ubuntu1)
	maverick	Not vulnerable (1.1.0-2ubuntu1)
	upstream	Released (1.0.4)
	Patches: upstream: http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_unix/passverify.c?r1=1.4&r2=1.4.2.1 upstream: http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_unix/pam_unix_acct.c?r1=1.23&r2=1.23.2.1 upstream: http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/xtests/Makefile.am?r1=1.18&r2=1.18.2.2&pathrev=Linux-PAM-1_0-branch upstream: http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/xtests/tst-pam_unix4.c?r1=1.1.2.1&r2=1.1.2.2&pathrev=Linux-PAM-1_0-branch upstream: http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/xtests/tst-pam_unix4.pamd?r1=1.1.2.1&r2=1.1.2.2&pathrev=Linux-PAM-1_0-branch upstream: http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/xtests/tst-pam_unix4.sh?r1=1.1.2.1&r2=1.1.2.2&pathrev=Linux-PAM-1_0-branch

CVE-2009-0579

Notes

Priority

Status

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading