First published: Sun Dec 11 2005(Updated: )
authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.
Credit: security@debian.org
Affected Software | Affected Version | How to fix |
---|---|---|
Double Precision Incorporated Courier Mail Server | =0.50.0 | |
Double Precision Incorporated Courier Mail Server | =0.52.1 | |
Double Precision Incorporated Courier Mail Server | =0.48 | |
Double Precision Incorporated Courier Mail Server | =0.49.0 | |
Double Precision Incorporated Courier Mail Server | =0.37.3 | |
Double Precision Incorporated Courier Mail Server | =0.46 | |
Double Precision Incorporated Courier Mail Server | =0.48.1 | |
Double Precision Incorporated Courier Mail Server | =0.47 | |
Double Precision Incorporated Courier Mail Server | =0.48.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.