Launchpad.net

CVE 2009-0579

Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified.

See the CVE page on Mitre.org for more details.

References