USN-4530-1: Debian-LAN vulnerabilities
22 September 2020
Debian-LAN could be made to change Kerberos user passwords or run programs as an administrator.
- debian-lan-config - FAI config space for the Debian-LAN system
Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs
for the Kerberos admin server. A local attacker could possibly use this
issue to change the passwords of other users, leading to root privilege