PT-2019-5234 · Debian+2 · Debian-Edu-Config+3

Wolfgang Schweer

Publicado

2019-12-18

Atualizado

2022-12-22

CVE-2019-3467

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Debian-edu-config versions prior to 2.11.10 debian-lan-config versions prior to 0.26

Description The issue is related to a security flaw in privilege management. Exploitation of this flaw can allow an attacker to gain unauthorized access to confidential data, cause a denial of service, and impact data integrity. The problem arises from overly permissive ACLs configured for the Kerberos admin server, which permits password changes for other Kerberos user principals.

Recommendations For Debian-edu-config versions prior to 2.11.10, update to version 2.11.10 or later. For debian-lan-config versions prior to 0.26, update to version 0.26 or later.

Exploit

Correção

Incorrect Permission

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-732CWE-269

Identificadores relacionados

BDU:2020-01977

CVE-2019-3467

DLA-2041-1

DLA-2063-1

DSA-4589-1

DSA-4595-1

USN-4530-1

Produtos afetados

Debian-Edu-Config

Kerberos

Ubuntu

Debian-Lan-Config

PT-2019-5234 · Debian+2 · Debian-Edu-Config+3

CVE-2019-3467

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 23