First published: Sun Dec 11 2005(Updated: )
authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.
Credit: security@debian.org
Affected Software | Affected Version | How to fix |
---|---|---|
Courier Mail Server | =0.37.3 | |
Courier Mail Server | =0.46 | |
Courier Mail Server | =0.47 | |
Courier Mail Server | =0.48 | |
Courier Mail Server | =0.48.1 | |
Courier Mail Server | =0.48.2 | |
Courier Mail Server | =0.49.0 | |
Courier Mail Server | =0.50.0 | |
Courier Mail Server | =0.52.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2005-3532 is classified as a medium severity vulnerability.
To fix CVE-2005-3532, upgrade Courier Mail Server to version 0.53 or later.
CVE-2005-3532 affects Courier Mail Server versions from 0.37.3 to 0.52.1 that use pam_tally.
CVE-2005-3532 is an authentication vulnerability that allows disabled accounts to be used for login.
It is not recommended to use Courier Mail Server with CVE-2005-3532, as it poses a security risk until patched.