{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0.26" } ] }, { "events": [ { "introduced": "0" }, { "fixed": "2.11.10" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "8.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "9.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "10.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "18.04" } ] } ] } } ], "details": "Debian-edu-config all versions \u003c 2.11.10, a set of configuration files used for Debian Edu, and debian-lan-config \u003c 0.26, configured too permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals.", "id": "CVE-2019-3467", "modified": "2026-03-15T21:48:52.192263664Z", "published": "2019-12-23T19:15:11.823Z", "references": [ { "type": "ADVISORY", "url": "https://security-tracker.debian.org/tracker/CVE-2019-3467" }, { "type": "ADVISORY", "url": "https://usn.ubuntu.com/4530-1/" }, { "type": "ADVISORY", "url": "https://www.debian.org/security/2019/dsa-4589" }, { "type": "ADVISORY", "url": "https://www.debian.org/security/2019/dsa-4595" }, { "type": "ADVISORY", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947459" }, { "type": "ADVISORY", "url": "https://seclists.org/bugtraq/2019/Dec/34" }, { "type": "ADVISORY", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00023.html" }, { "type": "ADVISORY", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00012.html" }, { "type": "ADVISORY", "url": "https://seclists.org/bugtraq/2019/Dec/44" }, { "type": "FIX", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946797" } ], "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }