Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2005-3532
Last Modified 05 Sep 2008 04:54:38
Published 10 Dec 2005 08:03:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3532

Summary

authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.

Vulnerable Systems

Application

  • Double Precision Incorporated Courier Mail Server 0.37.3

  • Double Precision Incorporated Courier Mail Server 0.46

  • Double Precision Incorporated Courier Mail Server 0.47

  • Double Precision Incorporated Courier Mail Server 0.48

  • Double Precision Incorporated Courier Mail Server 0.48.1

  • Double Precision Incorporated Courier Mail Server 0.48.2

  • Double Precision Incorporated Courier Mail Server 0.49.0

  • Double Precision Incorporated Courier Mail Server 0.50.0

  • Double Precision Incorporated Courier Mail Server 0.52.1


References

BID - 15771

DEBIAN - DSA-917

SECUNIA - 17919

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211920

UBUNTU - USN-226-1

XF - courier-authdaemon-unauth-access(23532)

SECUNIA - 17999


Last Updated: 27 May 2016 10:40:57