CVE Vulnerabilities

CVE-2004-0925

Published: Jan 27, 2005 | Modified: Sep 10, 2008
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, does not properly clear the username between authentication attempts, which allows users with the longest username to prevent other valid users from being able to authenticate.

Affected Software

Name Vendor Start Version End Version
Mac_os_x Apple 10.3 (including) 10.3 (including)
Mac_os_x Apple 10.3.1 (including) 10.3.1 (including)
Mac_os_x Apple 10.3.2 (including) 10.3.2 (including)
Mac_os_x Apple 10.3.3 (including) 10.3.3 (including)
Mac_os_x Apple 10.3.4 (including) 10.3.4 (including)
Mac_os_x Apple 10.3.5 (including) 10.3.5 (including)
Mac_os_x_server Apple 10.3 (including) 10.3 (including)
Mac_os_x_server Apple 10.3.1 (including) 10.3.1 (including)
Mac_os_x_server Apple 10.3.2 (including) 10.3.2 (including)
Mac_os_x_server Apple 10.3.3 (including) 10.3.3 (including)
Mac_os_x_server Apple 10.3.4 (including) 10.3.4 (including)
Mac_os_x_server Apple 10.3.5 (including) 10.3.5 (including)

References