Unrated severityNVD Advisory· Published Dec 11, 2005· Updated Apr 16, 2026

CVE-2005-3532

Description

authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.

Affected products

Double Precision Incorporated/Courier Mail Server9 versions
cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.37.3:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.37.3:*:*:*:*:*:*:*
- cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.46:*:*:*:*:*:*:*
- cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.47:*:*:*:*:*:*:*
- cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.48:*:*:*:*:*:*:*
- cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.48.1:*:*:*:*:*:*:*
- cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.48.2:*:*:*:*:*:*:*
- cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.49.0:*:*:*:*:*:*:*
- cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.50.0:*:*:*:*:*:*:*
- cpe:2.3:a:double_precision_incorporated:courier_mail_server:0.52.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugs.debian.org/cgi-bin/bugreport.cginvdPatch
secunia.com/advisories/17919nvdPatchVendor Advisory
www.debian.org/security/2005/dsa-917nvdPatch
www.securityfocus.com/bid/15771/nvdPatch
secunia.com/advisories/17999nvd
exchange.xforce.ibmcloud.com/vulnerabilities/23532nvd
usn.ubuntu.com/226-1/nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000