PT-2019-5234 · Debian+2 · Debian-Edu-Config+3

Wolfgang Schweer

Published

2019-12-18

Updated

2022-12-22

CVE-2019-3467

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Debian-edu-config versions prior to 2.11.10 debian-lan-config versions prior to 0.26

Description The issue is related to a security flaw in privilege management. Exploitation of this flaw can allow an attacker to gain unauthorized access to confidential data, cause a denial of service, and impact data integrity. The problem arises from overly permissive ACLs configured for the Kerberos admin server, which permits password changes for other Kerberos user principals.

Recommendations For Debian-edu-config versions prior to 2.11.10, update to version 2.11.10 or later. For debian-lan-config versions prior to 0.26, update to version 0.26 or later.

Exploit

Fix

Incorrect Permission

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732CWE-269

Related Identifiers

BDU:2020-01977

CVE-2019-3467

DLA-2041-1

DLA-2063-1

DSA-4589-1

DSA-4595-1

USN-4530-1

Affected Products

Debian-Edu-Config

Kerberos

Ubuntu

Debian-Lan-Config

PT-2019-5234 · Debian+2 · Debian-Edu-Config+3

CVE-2019-3467

Weakness Enumeration

Related Identifiers

Affected Products

References · 23