CVE-2005-3532
courier - programming error
EPSS 0.90%
Description
authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.
How to fix CVE-2005-3532
To remediate CVE-2005-3532, upgrade the affected package to a fixed version below.
- Debian/courier—upgrade to 0.47-12 or later
- Debian/courier—upgrade to 0.37.3-2.8 or later
Is CVE-2005-3532 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.47-12
- from 0, < 0.37.3-2.8