CVE-2019-3467

Published: 23/12/2019 Updated: 22/12/2022
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals.

Vulnerable Product

debian debian-lan-config

skolelinux debian-edu-config

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

canonical ubuntu linux 18.04

Vendor Advisories

It was discovered that debian-lan-config, a FAI config space for the Debian-LAN system, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other user principals. This update provides a fixed configuration for new deployments; for existing setups, the NEWS file shipped in this update provides advice to f ...

It was discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other user principals. For the oldstable distribution (stretch), this problem has been fixed in version 1929+deb9u4. For the stable distribution (bust ...