Your submission was sent successfully! Close

CVE-2019-3467

Published: 23 December 2019

Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
debian-lan-config
Launchpad, Ubuntu, Debian
bionic
Released (0.23+deb9u1build0.18.04.1)
focal
Released (0.26)
groovy Not vulnerable
(0.26)
hirsute Not vulnerable
(0.26)
impish Not vulnerable
(0.26)
jammy Not vulnerable
(0.26)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Ignored
(end of standard support, was needed)