CVE-2004-1088

Description

Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information.

Affected products

• Apple / darwin_streaming_server5.0.1 – 5.0.1
• Apple / darwin_streaming_server4.1.3 – 4.1.3
• Apple / mac_os_x10.2.1 – 10.2.1
• Apple / mac_os_x10.2.2 – 10.2.2
• Apple / mac_os_x10.2.3 – 10.2.3
• Apple / mac_os_x10.2.4 – 10.2.4
• Apple / mac_os_x10.2.5 – 10.2.5
• Apple / mac_os_x10.2.6 – 10.2.6
• Apple / mac_os_x10.2.7 – 10.2.7
• Apple / mac_os_x10.2.8 – 10.2.8
• Apple / mac_os_x10.3 – 10.3
• Apple / mac_os_x10.3.1 – 10.3.1
• Apple / mac_os_x10.3.2 – 10.3.2
• Apple / mac_os_x10.3.3 – 10.3.3
• Apple / mac_os_x10.3.4 – 10.3.4
• Apple / mac_os_x10.3.5 – 10.3.5
• Apple / mac_os_x10.2 – 10.2
• Apple / mac_os_x10.3.6 – 10.3.6
• Apple / mac_os_x_server10.3.6 – 10.3.6
• Apple / mac_os_x_server10.2 – 10.2
• Apple / mac_os_x_server10.2.1 – 10.2.1
• Apple / mac_os_x_server10.2.2 – 10.2.2
• Apple / mac_os_x_server10.2.3 – 10.2.3
• Apple / mac_os_x_server10.2.4 – 10.2.4
• Apple / mac_os_x_server10.2.5 – 10.2.5
• Apple / mac_os_x_server10.2.6 – 10.2.6
• Apple / mac_os_x_server10.2.7 – 10.2.7
• Apple / mac_os_x_server10.2.8 – 10.2.8
• Apple / mac_os_x_server10.3 – 10.3
• Apple / mac_os_x_server10.3.1 – 10.3.1
• Apple / mac_os_x_server10.3.2 – 10.3.2
• Apple / mac_os_x_server10.3.3 – 10.3.3
• Apple / mac_os_x_server10.3.4 – 10.3.4
• Apple / mac_os_x_server10.3.5 – 10.3.5
• Apple / quicktime_streaming_server4.1.1 – 4.1.1

References

• MISChttp://www.securityfocus.com/bid/11802
• VENDOR_ADVISORYhttp://secunia.com/advisories/13362/
• MAILING_LISThttp://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/18353
• MISChttp://www.ciac.org/ciac/bulletins/p-049.shtml