CVE-2019-3467
First published: Mon Dec 23 2019(Updated: )
Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals.
Credit: security@debian.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/debian-edu-config | 2.11.56+deb11u4 2.11.56+deb11u3 2.12.44~deb12u1 2.12.45 | |
| debian/debian-lan-config | 0.28 | |
| Debian | <0.26 | |
| Debian Edu | <2.11.10 | |
| Debian | =8.0 | |
| Debian | =9.0 | |
| Debian | =10.0 | |
| Ubuntu Linux | =18.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2019-3467
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946797
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947459
- https://lists.debian.org/debian-lts-announce/2019/12/msg00023.html
- https://lists.debian.org/debian-lts-announce/2020/01/msg00012.html
- https://seclists.org/bugtraq/2019/Dec/34
- https://seclists.org/bugtraq/2019/Dec/44
- https://usn.ubuntu.com/4530-1/
- https://www.debian.org/security/2019/dsa-4589
- https://www.debian.org/security/2019/dsa-4595
Frequently Asked Questions
What is the severity of CVE-2019-3467?
CVE-2019-3467 has critical severity due to the potential for unauthorized password changes in Kerberos user principals.
How do I fix CVE-2019-3467?
To mitigate CVE-2019-3467, update debian-edu-config to version 2.11.56+deb11u4 or higher and debian-lan-config to version 0.28.
Which versions of debian-edu-config are affected by CVE-2019-3467?
All versions of debian-edu-config prior to 2.11.10 are affected by CVE-2019-3467.
Which versions of debian-lan-config are vulnerable to CVE-2019-3467?
Any version of debian-lan-config before 0.26 is vulnerable to CVE-2019-3467.
What changes were made to resolve CVE-2019-3467?
The resolution for CVE-2019-3467 involved tightening the Access Control Lists (ACLs) for the Kerberos admin server to prevent unauthorized password changes.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/remedy
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/debian
- vendor/debian
- canonical/debian
- vendor/skolelinux
- canonical/debian edu
- version/debian/8.0
- version/debian/9.0
- version/debian/10.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/18.04