Linux-Pam: >> Linux-Pam >> 1.0.4 Security Vulnerabilities
The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check.
CVSS Score
3.3
EPSS Score
0.001
Published
2011-01-24
Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified.
CVSS Score
4.6
EPSS Score
0.001
Published
2009-04-16
Page 2