CVE-2005-3532
Last modified
CVE-2005-3532 is a vulnerability of currently unknown severity. authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.. EPSS estimates a 1.58% chance of exploitation in the next 30 days.
Description
authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Double Precision Incorporated | Courier Mail Server | 0.37.3 |
| Double Precision Incorporated | Courier Mail Server | 0.46 |
| Double Precision Incorporated | Courier Mail Server | 0.47 |
| Double Precision Incorporated | Courier Mail Server | 0.48 |
| Double Precision Incorporated | Courier Mail Server | 0.48.1 |
| Double Precision Incorporated | Courier Mail Server | 0.48.2 |
| Double Precision Incorporated | Courier Mail Server | 0.49.0 |
| Double Precision Incorporated | Courier Mail Server | 0.50.0 |
| Double Precision Incorporated | Courier Mail Server | 0.52.1 |
References
- http://secunia.com/advisories/17919Patch, Vendor Advisory
- http://secunia.com/advisories/17919Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2005-3532?
How severe is CVE-2005-3532?
How do I fix CVE-2005-3532?
Are you affected by CVE-2005-3532?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST