
CVE-2005-3532

Published: 11/12/2005 | Updated: 03/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 up to and including 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows malicious users to authenticate to the server using accounts that have been disabled.

Vulnerable Product

double precision incorporated courier mail server 0.48

double precision incorporated courier mail server 0.46

double precision incorporated courier mail server 0.47

double precision incorporated courier mail server 0.37.3

double precision incorporated courier mail server 0.50.0

double precision incorporated courier mail server 0.52.1

double precision incorporated courier mail server 0.48.1

double precision incorporated courier mail server 0.48.2

double precision incorporated courier mail server 0.49.0

Vendor Advisories

Debian Bug report logs - #211920: pam authentication module does not call pam_acct_mgmt. Package: courier-authdaemon; Maintainer for courier-authdaemon is Markus Wanner <markus@bluegapch>; Source for courier-authdaemon is src:courier-authlib. Reported by: Patrick Cheong Shu Yang <shuyang@popjaringmy& ...
Patrick Cheong Shu Yang discovered a flaw in the user account handling of courier-authdaemon. After successful authorization, the Courier mail server granted access to deactivated accounts ...
Patrick Cheong Shu Yang discovered that courier-authdaemon, the authentication daemon of the Courier Mail Server, grants access to accounts that are already deactivated. For the old stable distribution (woody) this problem has been fixed in version 0373-28. For the stable distribution (sarge) this problem has been fixed in version 047-4sarge4 ...