CVE-2005-3532 - OpenCVE

authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Double Precision Incorporated	Courier Mail Server

Configuration 1 [-]

OR	cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.37.3:::::::*
	cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.46:::::::*
	cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.47:::::::*
	cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.48:::::::*
	cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.48.1:::::::*
	cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.48.2:::::::*
	cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.49.0:::::::*
	cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.50.0:::::::*
	cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.52.1:::::::*

No data.

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211920
http://secunia.com/advisories/17919
http://secunia.com/advisories/17999
http://www.debian.org/security/2005/dsa-917
http://www.securityfocus.com/bid/15771/
https://exchange.xforce.ibmcloud.com/vulnerabilities/23532
https://usn.ubuntu.com/226-1/

History

No history.

MITRE

Status: PUBLISHED

Assigner: debian

Published: 2005-12-11T01:00:00

Updated: 2024-08-07T23:17:22.680Z

Reserved: 2005-11-16T00:00:00

Link: CVE-2005-3532

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-12-11T01:03:00.000

Modified: 2018-10-03T21:32:11.050

Link: CVE-2005-3532

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-12-08T00:00:00", "descriptions": [{"lang": "en", "value": "authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-03T20:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"name": "DSA-917", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2005/dsa-917"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211920"}, {"name": "17919", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17919"}, {"name": "courier-authdaemon-unauth-access(23532)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23532"}, {"name": "15771", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15771/"}, {"name": "17999", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17999"}, {"name": "USN-226-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/226-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2005-3532", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-917", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-917"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211920", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211920"}, {"name": "17919", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17919"}, {"name": "courier-authdaemon-unauth-access(23532)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23532"}, {"name": "15771", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15771/"}, {"name": "17999", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17999"}, {"name": "USN-226-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/226-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T23:17:22.680Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-917", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2005/dsa-917"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211920"}, {"name": "17919", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17919"}, {"name": "courier-authdaemon-unauth-access(23532)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23532"}, {"name": "15771", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/15771/"}, {"name": "17999", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17999"}, {"name": "USN-226-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/226-1/"}]}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2005-3532", "datePublished": "2005-12-11T01:00:00", "dateReserved": "2005-11-16T00:00:00", "dateUpdated": "2024-08-07T23:17:22.680Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.37.3:*:*:*:*:*:*:*", "matchCriteriaId": "B1B758F4-32EF-43B1-A0F1-E54D9C050BEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.46:*:*:*:*:*:*:*", "matchCriteriaId": "AB82816F-11B7-40C3-AF80-C3091372C46D", "vulnerable": true}, {"criteria": "cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.47:*:*:*:*:*:*:*", "matchCriteriaId": "B66C6966-7500-432C-A766-35FAA9E42FAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.48:*:*:*:*:*:*:*", "matchCriteriaId": "B082F880-5684-4FB5-B469-A5B65847D577", "vulnerable": true}, {"criteria": "cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.48.1:*:*:*:*:*:*:*", "matchCriteriaId": "9A23AE92-D4C0-4F7C-85DC-BC3A9B7D53A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.48.2:*:*:*:*:*:*:*", "matchCriteriaId": "0CFFC62C-4969-405E-8F2C-E3D31DDED5C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.49.0:*:*:*:*:*:*:*", "matchCriteriaId": "21FEF102-4961-4AA0-969F-4108E4556CEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.50.0:*:*:*:*:*:*:*", "matchCriteriaId": "4E387763-BAA3-4353-8065-DBB99CFC94B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.52.1:*:*:*:*:*:*:*", "matchCriteriaId": "EF1D6D6B-BA9B-493B-9E0A-43A55AA8766B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled."}], "id": "CVE-2005-3532", "lastModified": "2018-10-03T21:32:11.050", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-12-11T01:03:00.000", "references": [{"source": "security@debian.org", "tags": ["Patch"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211920"}, {"source": "security@debian.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/17919"}, {"source": "security@debian.org", "url": "http://secunia.com/advisories/17999"}, {"source": "security@debian.org", "tags": ["Patch"], "url": "http://www.debian.org/security/2005/dsa-917"}, {"source": "security@debian.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/15771/"}, {"source": "security@debian.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23532"}, {"source": "security@debian.org", "url": "https://usn.ubuntu.com/226-1/"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}