debian-edu-config (a set of configuration files used for Debian Edu), all versions < 2.11.10, and debian-lan-config < 0.26 configured overly permissive ACLs for the Kerberos admin server, which allowed password changes for other Kerberos user principals.
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Debian-lan-config | Debian | * | 0.26 (excluding) |
Debian-edu-config | Skolelinux | * | 2.11.10 (excluding) |
Debian-lan-config | Ubuntu | bionic | * |
Debian-lan-config | Ubuntu | esm-apps/bionic | * |
Debian-lan-config | Ubuntu | esm-apps/focal | * |
Debian-lan-config | Ubuntu | esm-apps/xenial | * |
Debian-lan-config | Ubuntu | focal | * |
Debian-lan-config | Ubuntu | trusty | * |
Debian-lan-config | Ubuntu | xenial | * |
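
An added example (not code from debian-edu-config, debian-lan-config or this advisory): a small audit for the class of misconfiguration described above, assuming the admin server is MIT kadmind and its ACL file uses the kadm5.acl layout `principal permissions [target]`. The realm, the sample rules and the helper names are constructed for illustration; the ACL lines the packages actually shipped are not given on this page.

```python
"""Flag kadm5.acl-style rules that let every principal change others' passwords."""

# Permission letters that include "change password": c itself, plus the
# all-privileges shorthands x and *. Uppercase letters are denials in this
# format and are deliberately not treated as grants.
GRANTS_CPW = set("cx*")

# Constructed sample ACL (realm and rules invented for this example).
SAMPLE_ACL = """\
# principal              permissions  [target]
*/admin@EXAMPLE.ORG      *
*@EXAMPLE.ORG            cil
*@EXAMPLE.ORG            il
helpdesk@EXAMPLE.ORG     c            *@EXAMPLE.ORG
*/root@EXAMPLE.ORG       c            *1@EXAMPLE.ORG
"""

def parse_acl(text):
    """Yield (lineno, actor, mask, target); an omitted target means all principals."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed rule: nothing to evaluate
        target = fields[2] if len(fields) > 2 else "*"
        yield lineno, fields[0], fields[1], target

def all_wildcard(principal):
    """True when every name component is a bare '*', e.g. '*' or '*@REALM'."""
    name = principal.rsplit("@", 1)[0]
    return all(part == "*" for part in name.split("/"))

def audit(text):
    """Return rules where an unrestricted actor may change any target's password."""
    findings = []
    for lineno, actor, mask, target in parse_acl(text):
        if GRANTS_CPW & set(mask) and all_wildcard(actor) and all_wildcard(target):
            findings.append((lineno, actor, mask, target))
    return findings

if __name__ == "__main__":
    for lineno, actor, mask, target in audit(SAMPLE_ACL):
        print(f"line {lineno}: {actor} has '{mask}' on {target}")
```

Rules scoped to a fixed instance such as `*/admin`, to a named actor, or to a back-referenced target are not reported; only a rule where both actor and target are fully wildcarded is.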