ID

VAR-200501-0315


CVE

CVE-2004-0925


TITLE

Apple Mac OS X Postfix Denial of Service Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200501-306

DESCRIPTION

Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, does not properly clear the username between authentication attempts, which allows users with the longest username to prevent other valid users from being able to authenticate. This may potentially be exploited to deny certain users access to the server. This condition may only occur if SMTPD AUTH has been enabled. This issue reportedly does not affect the upstream release of Postfix but rather only the version distributed with Apple Mac OS X Panther. Apple Mac OS X is a dedicated operating system developed by Apple for Mac computers.

Trust: 1.26

sources: NVD: CVE-2004-0925 // BID: 11323 // VULHUB: VHN-9355

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.3.4

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.3.5

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.3.3

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.3

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.3.2

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.3.4

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.3.5

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.3.3

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.3.1

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.3.2

Trust: 1.6

vendor: apple, model: mac os x, scope: eq, version: 10.3

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.3.1

Trust: 1.0

vendor: wietse, model: venema postfix, scope: eq, version: 2.1

Trust: 0.3

vendor: wietse, model: venema postfix, scope: eq, version: 2.0

Trust: 0.3

vendor: wietse, model: venema postfix, scope: eq, version: 1.1.13

Trust: 0.3

vendor: wietse, model: venema postfix, scope: eq, version: 1.1.12

Trust: 0.3

vendor: wietse, model: venema postfix, scope: eq, version: 1.1.11

Trust: 0.3

vendor: wietse, model: venema postfix, scope: eq, version: 1.0.21

Trust: 0.3

vendor: wietse, model: venema postfix, scope: eq, version: 20011115

Trust: 0.3

vendor: wietse, model: venema postfix, scope: eq, version: 20010228

Trust: 0.3

vendor: wietse, model: venema postfix, scope: eq, version: 19991231

Trust: 0.3

vendor: wietse, model: venema postfix, scope: eq, version: 19990906

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.3.5

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.3.4

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.3.3

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.3.2

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.3.1

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.3.5

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.3.4

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.3.3

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.3.2

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.3.1

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.3

Trust: 0.3

sources: BID: 11323 // CNNVD: CNNVD-200501-306 // NVD: CVE-2004-0925

CVSS

SEVERITY

nvd@nist.gov: CVE-2004-0925
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200501-306
value: MEDIUM

Trust: 0.6

VULHUB: VHN-9355
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2004-0925
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-9355
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-9355 // CNNVD: CNNVD-200501-306 // NVD: CVE-2004-0925

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0925

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200501-306

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200501-306

EXTERNAL IDS

db: NVD, id: CVE-2004-0925

Trust: 2.0

db: CNNVD, id: CNNVD-200501-306

Trust: 0.7

db: APPLE, id: APPLE-SA-2004-09-30

Trust: 0.6

db: BID, id: 11323

Trust: 0.4

db: VULHUB, id: VHN-9355

Trust: 0.1

sources: VULHUB: VHN-9355 // BID: 11323 // CNNVD: CNNVD-200501-306 // NVD: CVE-2004-0925

REFERENCES

url: http://lists.apple.com/archives/security-announce/2004/oct/msg00000.html

Trust: 1.7

url: http://www.postfix.org/

Trust: 0.3

sources: VULHUB: VHN-9355 // BID: 11323 // CNNVD: CNNVD-200501-306 // NVD: CVE-2004-0925

CREDITS

Michael Rondinelli

Trust: 0.6

sources: CNNVD: CNNVD-200501-306

SOURCES

db: VULHUB, id: VHN-9355
db: BID, id: 11323
db: CNNVD, id: CNNVD-200501-306
db: NVD, id: CVE-2004-0925

LAST UPDATE DATE

2024-08-14T13:01:25.474000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-9355, date: 2008-09-10T00:00:00
db: BID, id: 11323, date: 2009-07-12T07:06:00
db: CNNVD, id: CNNVD-200501-306, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2004-0925, date: 2008-09-10T19:28:16.257

SOURCES RELEASE DATE

db: VULHUB, id: VHN-9355, date: 2005-01-27T00:00:00
db: BID, id: 11323, date: 2004-10-04T00:00:00
db: CNNVD, id: CNNVD-200501-306, date: 2004-10-04T00:00:00
db: NVD, id: CVE-2004-0925, date: 2005-01-27T05:00:00