CVE-2004-0925

Published: Jan 27, 2005Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, does not properly clear the username between authentication attempts, which allows users with the longest username to prevent other valid users from being able to authenticate.

Affected (12)

Products: Apple: Mac Os X, Mac Os X Server

Apple

2 products

Mac Os X

Mac Os X Server

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Version 10.3.1
Apple Mac Os X	Version 10.3.2
Apple Mac Os X	Version 10.3.3
Apple Mac Os X	Version 10.3.4
Apple Mac Os X	Version 10.3.5
Apple Mac Os X	Version 10.3
Apple Mac Os X Server	Version 10.3.1
Apple Mac Os X Server	Version 10.3.2
Apple Mac Os X Server	Version 10.3.3
Apple Mac Os X Server	Version 10.3.4
Apple Mac Os X Server	Version 10.3.5
Apple Mac Os X Server	Version 10.3

References (2)

http://lists.apple.com/archives/security-announce/2004/Oct/msg00000.html

Source: cve@mitre.org

PatchVendor Advisory

http://lists.apple.com/archives/security-announce/2004/Oct/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.