Vulnerabilities > CVE-2004-0925 - Unspecified vulnerability in Apple mac OS X and mac OS X Server

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

apple

nessus

NVD

Published: 2005-01-27

Updated: 2008-09-10

Summary

Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, does not properly clear the username between authentication attempts, which allows users with the longest username to prevent other valid users from being able to authenticate.

Vulnerable Configurations

Part	Description	Count
OS	Apple Apple MAC OS X 10.3 Apple MAC OS X 10.3.1 Apple MAC OS X 10.3.2 Apple MAC OS X 10.3.3 Apple MAC OS X 10.3.4 Apple MAC OS X 10.3.5 Apple MAC OS X Server 10.3 Apple MAC OS X Server 10.3.1 Apple MAC OS X Server 10.3.2 Apple MAC OS X Server 10.3.3 Apple MAC OS X Server 10.3.4 Apple MAC OS X Server 10.3.5	12

Nessus

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_SECUPD20040930.NASL
description	The remote host is missing Security Update 2004-09-30. This security update contains a number of fixes for the following programs : - AFP Server - CUPS - NetInfoManager - postfix - QuickTime - ServerAdmin These programs have multiple vulnerabilities which may allow a remote attacker to execute arbitrary code.
last seen	2020-06-01
modified	2020-06-02
plugin id	15420
published	2004-10-04
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15420
title	Mac OS X Multiple Vulnerabilities (Security Update 2004-09-30)

References

http://lists.apple.com/archives/security-announce/2004/Oct/msg00000.html