CVE-2005-2977
The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.
Date published : 2005-10-31
http://www.securityfocus.com/bid/15217
http://cvs.sourceforge.net/viewcvs.py/pam/Linux-PAM/NEWS?rev=1.6&view=markup