
Ubuntu 18.04 LTS: USN-4530-1 Critical: Debian-LAN Admin Access Threat

September 22, 2020
Ubuntu-NET introduces vulnerabilities associated with LDAP and user privileges, necessitating essential patches for system security.

Summary

Debian-LAN could be made to change Kerberos user passwords or run programs as an administrator.

Software Description:

- debian-lan-config: FAI config space for the Debian-LAN system

Details:

Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation. (CVE-2019-3467)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  debian-lan-config               0.23+deb9u1build0.18.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4530-1

CVE-2019-3467

Severity

Critical
