Back to search
CVE-2005-3532
Published: Dec 11, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
DSA-917
vendor-advisory
x_refsource_DEBIAN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211920
x_refsource_MISC
17919
third-party-advisory
x_refsource_SECUNIA
courier-authdaemon-unauth-access(23532)
vdb-entry
x_refsource_XF
15771
vdb-entry
x_refsource_BID
17999
third-party-advisory
x_refsource_SECUNIA
USN-226-1
vendor-advisory
x_refsource_UBUNTU
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now