Debian · Debian-Edu-Config · CVE-2019-3467
**Name of the Vulnerable Software and Affected Versions**
Debian-edu-config versions prior to 2.11.10
debian-lan-config versions prior to 0.26
**Description**
The vulnerability is a privilege-management flaw: the ACLs configured for the Kerberos admin server are overly permissive and permit password changes for other Kerberos user principals. Exploitation can allow an attacker to gain unauthorized access to confidential data, cause a denial of service, and impact data integrity.
**Recommendations**
For Debian-edu-config versions prior to 2.11.10, update to version 2.11.10 or later.
For debian-lan-config versions prior to 0.26, update to version 0.26 or later.
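To check a deployed admin-server ACL for the kind of entry described above, the following Python sketch is an added example, not code from Debian or from either package. It assumes the MIT Kerberos `kadm5.acl` line format (`principal permissions [target_principal]`); the sample ACL, the realm `EXAMPLE.TEST`, the function names and the "wildcard primary without an instance" heuristic are all constructed for illustration.

```python
import re

# Permission letters in the MIT Kerberos kadm5.acl format: 'c' is change
# password; 'x' and '*' are shorthands that include it; upper case denies.
GRANTS_CPW = set("cx*")

# Constructed sample, not the file shipped by either package.
SAMPLE_ACL = """\
# admin instances keep full rights
*/admin@EXAMPLE.TEST   *
*@EXAMPLE.TEST         cil
alice@EXAMPLE.TEST     c   bob@EXAMPLE.TEST
*/root@EXAMPLE.TEST    c   *1@EXAMPLE.TEST
"""

def primary(principal):
    """Return the primary (first) component of a principal pattern."""
    return re.split(r"[/@]", principal, maxsplit=1)[0]

def audit_kadm5_acl(text):
    """Return (line_no, line) for entries that let a wildcard set of ordinary
    principals change passwords of an unrestricted set of targets."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed entry, not judged here
        subject, perms = fields[0], fields[1]
        target = fields[2] if len(fields) > 2 else None
        name = subject.split("@", 1)[0]
        # Heuristic (assumption): a wildcard primary with no /instance
        # component covers every ordinary user principal.
        broad_subject = primary(subject) == "*" and "/" not in name
        grants = bool(GRANTS_CPW & set(perms))
        # No target field means the entry applies to all principals; a bare
        # '*' primary does the same. '*1'-style back-references do not.
        broad_target = target is None or primary(target) == "*"
        if broad_subject and grants and broad_target:
            findings.append((no, line))
    return findings

if __name__ == "__main__":
    for no, line in audit_kadm5_acl(SAMPLE_ACL):
        print(f"line {no}: broad change-password grant: {line}")
```

The auditor judges each line in isolation and does not model first-match ordering, so a flagged line still needs to be read in the context of the entries above it.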