vulnerability

Debian: CVE-2019-3467: debian-edu-config, debian-lan-config -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:N/C:C/I:C/A:C)	Dec 20, 2019	Dec 20, 2019	Aug 15, 2025

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

Dec 20, 2019

Added

Dec 20, 2019

Modified

Aug 15, 2025

Description

Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals.

Solutions

debian-upgrade-debian-edu-configdebian-upgrade-debian-lan-config

References

CVE-2019-3467
https://attackerkb.com/topics/CVE-2019-3467
CWE-732
DEBIAN-DLA-2041-1
DEBIAN-DSA-4589
DEBIAN-DSA-4589-1
DEBIAN-DSA-4595

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today