CVE-2019-3467
HIGH
7,8
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH
7,2
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: complete
Integrity: complete
Availability: complete
Description
AI Translation Available
Debian-edu-config all versions < 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0009
Percentile
0,3th
Updated
EPSS Score Trend (Last 90 Days)
732
Incorrect Permission Assignment for Critical Resource
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Access Control
Integrity
Other
Potential Impacts:
Read Application Data
Read Files Or Directories
Gain Privileges Or Assume Identity
Modify Application Data
Other
Applicable Platforms
Technologies:
Not Technology-Specific, Cloud Computing
Operating System
Debian Linux by Debian
CPE Identifier
View Detailed Analysis
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Debian-Edu-Config by Skolelinux
Version Range Affected
To
2.11.10
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:skolelinux:debian-edu-config:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ubuntu Linux by Canonical
CPE Identifier
View Detailed Analysis
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Debian-Lan-Config by Debian
Version Range Affected
To
0.26
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:debian:debian-lan-config:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Debian Linux by Debian
CPE Identifier
View Detailed Analysis
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Debian Linux by Debian
CPE Identifier
View Detailed Analysis
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946797
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947459
https://lists.debian.org/debian-lts-announce/2019/12/msg00023.html
https://lists.debian.org/debian-lts-announce/2020/01/msg00012.html
https://seclists.org/bugtraq/2019/Dec/34
https://seclists.org/bugtraq/2019/Dec/44
https://security-tracker.debian.org/tracker/CVE-2019-3467
https://usn.ubuntu.com/4530-1/
https://www.debian.org/security/2019/dsa-4589
https://www.debian.org/security/2019/dsa-4595
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946797
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947459
https://lists.debian.org/debian-lts-announce/2019/12/msg00023.html
https://lists.debian.org/debian-lts-announce/2020/01/msg00012.html
https://seclists.org/bugtraq/2019/Dec/34
https://seclists.org/bugtraq/2019/Dec/44
https://security-tracker.debian.org/tracker/CVE-2019-3467
https://usn.ubuntu.com/4530-1/
https://www.debian.org/security/2019/dsa-4589
https://www.debian.org/security/2019/dsa-4595