Debian Edu Configuration Flaw in Debian and Debian-LAN Software
CVE-2019-3467

7.8 HIGH

Key Information:

Vendor: Debian
CVE Published: 23 December 2019

What is CVE-2019-3467?

debian-edu-config and debian-lan-config configured overly permissive access control lists (ACLs) for the Kerberos admin server. This misconfiguration allowed unauthorized password changes for other Kerberos user principals, potentially compromising user accounts and system integrity. All versions of debian-edu-config prior to 2.11.10 and versions of debian-lan-config below 0.26 are affected, highlighting the importance of maintaining secure configurations in educational environments.

Affected Version(s)

Debian Edu all versions < 2.11.10

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
