authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.
2005-12-11T01:03:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | double_precision_incorporated | courier_mail_server | 0.37.3 | Yes |
Application | double_precision_incorporated | courier_mail_server | 0.46 | Yes |
Application | double_precision_incorporated | courier_mail_server | 0.47 | Yes |
Application | double_precision_incorporated | courier_mail_server | 0.48 | Yes |
Application | double_precision_incorporated | courier_mail_server | 0.48.1 | Yes |
Application | double_precision_incorporated | courier_mail_server | 0.48.2 | Yes |
Application | double_precision_incorporated | courier_mail_server | 0.49.0 | Yes |
Application | double_precision_incorporated | courier_mail_server | 0.50.0 | Yes |
Application | double_precision_incorporated | courier_mail_server | 0.52.1 | Yes |