CVE-2019-3467
Description
All versions of debian-edu-config before 2.11.10 (a set of configuration files used for Debian Edu) and debian-lan-config before 0.26 configured overly permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.085
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| debian-edu-config security update (DSA-4589-1) debian-edu-config_1.929+deb9u4_all.deb | Linux |
| debian-edu-config security update (DSA-4589-1) debian-edu-config_2.10.65+deb10u3_all.deb | Linux |
| debian-lan-config security update (DSA-4595-1) debian-lan-config_0.23+deb9u1_all.deb | Linux |
| debian-lan-config security update (DSA-4595-1) debian-lan-config_0.25+deb10u1_all.deb | Linux |
| FAI config space for the Debian-LAN system (USN-4530-1) debian-lan-config_0.23+deb9u1build0.18.04.1_all.deb | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234