CVE-2005-3532
published 2005-12-11

Priority: P427, high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 1.58% (72.5th percentile)

authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.

Affected

14 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| debian | courier | < courier 0.47-12 (bookworm) | courier 0.47-12 (bookworm) |
| double_precision_incorporated | courier_mail_server | | |
| double_precision_incorporated | courier_mail_server | | |
| double_precision_incorporated | courier_mail_server | | |
| double_precision_incorporated | courier_mail_server | | |
| double_precision_incorporated | courier_mail_server | | |
| double_precision_incorporated | courier_mail_server | | |
| double_precision_incorporated | courier_mail_server | | |
| double_precision_incorporated | courier_mail_server | | |
| double_precision_incorporated | courier_mail_server | | |
| double_precision_incorporated | courier_mail_server | >= 0 < 0.47-12 | 0.47-12 |
| double_precision_incorporated | courier_mail_server | >= 0 < 0.47-12 | 0.47-12 |
| double_precision_incorporated | courier_mail_server | >= 0 < 0.47-12 | 0.47-12 |
| double_precision_incorporated | courier_mail_server | >= 0 < 0.47-12 | 0.47-12 |

CVSS provenance

nvd: v2.0, 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
osv: 7.5 HIGH
vendor_debian: 7.5 MEDIUM