Vulnerability CVE-2019-3467


Published: 2019-12-23

Description:
Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals.

Type:

CWE-269

(Improper Privilege Management)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Skolelinux -> Debian-edu-config 
Debian -> Debian-lan-config 
Debian -> Debian linux 

 References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946797
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947459
https://lists.debian.org/debian-lts-announce/2019/12/msg00023.html
https://seclists.org/bugtraq/2019/Dec/34
https://seclists.org/bugtraq/2019/Dec/44
https://security-tracker.debian.org/tracker/CVE-2019-3467
https://www.debian.org/security/2019/dsa-4589
https://www.debian.org/security/2019/dsa-4595

Copyright 2021, cxsecurity.com

 

Back to Top