CVE-2019-3467

Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals.

Link	Resource
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946797	Exploit Mailing List
https://security-tracker.debian.org/tracker/CVE-2019-3467	Third Party Advisory
https://www.debian.org/security/2019/dsa-4589	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/12/msg00023.html	Mailing List Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947459	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Dec/34	Mailing List Third Party Advisory
https://www.debian.org/security/2019/dsa-4595	Third Party Advisory
https://seclists.org/bugtraq/2019/Dec/44	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/01/msg00012.html	Mailing List Third Party Advisory
https://usn.ubuntu.com/4530-1/	Third Party Advisory

Configuration 1

cpe:2.3:a:debian:debian-lan-config:*:*:*:*:*:*:*:* cpe:2.3:a:skolelinux:debian-edu-config:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

---

Published : 2019-12-23 07:15

Updated : 2022-12-22 08:20

---

NVD link : CVE-2019-3467

Mitre link : CVE-2019-3467

No products.

CWE-732