CVE-2019-3467

Summary

Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals.

Affected Software

VendorProductVersion RangeStatus
DebianDebian Eduall versions < 2.11.10affected

Weaknesses

  • too permissive access control settings

ADP Enrichment

CVE Program Container

Additional References

References