poppassd_pam 1.0 and earlier, when changing a user password, does not verify that the user entered the old password correctly, which allows remote attackers to change passwords for arbitrary users.Referenceshttp://secunia.com/advisories/13865http://security.gentoo.org/glsa/glsa-200501-22.xmlhttp://securitytracker.com/id?1012840
