authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 up to and including 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows malicious users to authenticate to the server using accounts that have been disabled.
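The missing step, shown as an added example that is not Courier's authpam.c or any project code: a self-contained C model of the two PAM phases. `model_authenticate` and `model_acct_mgmt` are hypothetical stand-ins for `pam_authenticate` and `pam_acct_mgmt`, and the accounts and return codes are constructed for illustration.

```c
/* Model of the PAM call order; not Courier's code. All names are hypothetical. */
#include <stdio.h>
#include <string.h>

/* Local stand-ins for PAM return codes (constructed for this example). */
enum { RC_SUCCESS = 0, RC_AUTH_ERR = 1, RC_ACCT_DENIED = 2 };

/* Constructed accounts: "disabled" models the state a lockout module keeps. */
struct account { const char *user, *password; int disabled; };
static const struct account ACCOUNTS[] = {
    { "alice", "correct-horse", 0 },
    { "bob",   "hunter2",       1 },  /* disabled, password still valid */
};

static const struct account *find_account(const char *user) {
    for (size_t i = 0; i < sizeof ACCOUNTS / sizeof ACCOUNTS[0]; i++)
        if (strcmp(ACCOUNTS[i].user, user) == 0) return &ACCOUNTS[i];
    return NULL;
}

/* Stand-in for pam_authenticate(): verifies the credential only. */
static int model_authenticate(const char *user, const char *pw) {
    const struct account *a = find_account(user);
    return (a && strcmp(a->password, pw) == 0) ? RC_SUCCESS : RC_AUTH_ERR;
}

/* Stand-in for pam_acct_mgmt(): decides whether the account may be used. */
static int model_acct_mgmt(const char *user) {
    const struct account *a = find_account(user);
    return (a && !a->disabled) ? RC_SUCCESS : RC_ACCT_DENIED;
}

/* Flow with the flaw the advisory describes: account phase never runs. */
int login_without_acct_check(const char *user, const char *pw) {
    return model_authenticate(user, pw);
}

/* Corrected flow: both phases must succeed before access is granted. */
int login_with_acct_check(const char *user, const char *pw) {
    int rc = model_authenticate(user, pw);
    return rc != RC_SUCCESS ? rc : model_acct_mgmt(user);
}

int main(void) {
    printf("bob, no account check:   %d\n", login_without_acct_check("bob", "hunter2"));
    printf("bob, with account check: %d\n", login_with_acct_check("bob", "hunter2"));
    return 0;
}
```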
Vulnerable Product |
---|
double precision incorporated courier mail server 0.48 |
double precision incorporated courier mail server 0.46 |
double precision incorporated courier mail server 0.47 |
double precision incorporated courier mail server 0.37.3 |
double precision incorporated courier mail server 0.50.0 |
double precision incorporated courier mail server 0.52.1 |
double precision incorporated courier mail server 0.48.1 |
double precision incorporated courier mail server 0.48.2 |
double precision incorporated courier mail server 0.49.0 |