Debian Bug report logs - #947459
debian-lan-config: too permissive ACLs for the Kerberos admin server in kadm5.acl


Package: debian-lan-config; Maintainer for debian-lan-config is Debian LAN Developers <debian-lan-devel@lists.alioth.debian.org>; Source for debian-lan-config is src:debian-lan-config.

Reported by: "Andreas B. Mundt" <andi@debian.org>

Date: Fri, 27 Dec 2019 08:39:02 UTC

Severity: important

Tags: security

Found in versions debian-lan-config/0.25, debian-lan-config/0.23

Fixed in version debian-lan-config/0.26

Done: andi@debian.org (Andreas B. Mundt)

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, andi@debian.org, Debian LAN Developers <debian-lan-devel@lists.alioth.debian.org>:
Bug#947459; Package debian-lan-config. (Fri, 27 Dec 2019 08:39:06 GMT)


Acknowledgement sent to "Andreas B. Mundt" <andi@debian.org>:
New Bug report received and forwarded. Copy sent to andi@debian.org, Debian LAN Developers <debian-lan-devel@lists.alioth.debian.org>. (Fri, 27 Dec 2019 08:39:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: "Andreas B. Mundt" <andi@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: debian-lan-config: too permissive ACLs for the Kerberos admin server in kadm5.acl
Date: Fri, 27 Dec 2019 09:34:56 +0100
Package: debian-lan-config
Version: 0.25
Severity: important

Hi,

the provided configuration file for the Kerberos admin server in
debian-lan-config provides too permissive ACLs.  These allow password
changes for other Kerberos user principals. 

The issue is the same as discussed in #946797.

Best regards,

  Andi
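
The class of misconfiguration this report describes can be checked for mechanically. The following is an added example, not code from the report or from debian-lan-config: a small auditor for MIT-style `kadm5.acl` files that flags rules granting the change-password permission (`c`, or `x`/`*`) from a fully wildcarded principal over a fully wildcarded target. The realm, the sample rules and the "broad" heuristic are assumptions made for illustration; the package's actual ACL is not shown on this page.

```python
# Added example: audit an MIT kadm5.acl for rules that let any principal
# change other principals' passwords. SAMPLE_ACL is constructed.
ALL = set("admcilsp")  # what "x" and "*" expand to

def effective_perms(spec):
    """Expand a permission string left to right; uppercase revokes a letter."""
    perms = set()
    for ch in spec:
        if ch in "x*":
            perms |= ALL
        elif ch.islower():
            perms.add(ch)
        else:
            perms.discard(ch.lower())
    return perms

def is_broad(principal):
    """True if every name component is a bare '*', e.g. *@R or */*@R."""
    name = principal.split("@", 1)[0]
    return all(part == "*" for part in name.split("/"))

def audit(acl_text):
    """Return (line number, subject, target) for each over-broad 'c' grant."""
    findings = []
    for lineno, raw in enumerate(acl_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line, nothing to evaluate
        subject, spec = fields[0], fields[1]
        target = fields[2] if len(fields) > 2 else "*"  # no target = any
        if "c" in effective_perms(spec) and is_broad(subject) and is_broad(target):
            findings.append((lineno, subject, target))
    return findings

SAMPLE_ACL = """\
# constructed sample, not the file shipped by debian-lan-config
*/admin@EXAMPLE.ORG   *
*@EXAMPLE.ORG         cil
*/*@EXAMPLE.ORG       *C
*@EXAMPLE.ORG         c    *1@EXAMPLE.ORG
helpdesk@EXAMPLE.ORG  c    */student@EXAMPLE.ORG
"""

if __name__ == "__main__":
    for lineno, subject, target in audit(SAMPLE_ACL):
        print(f"line {lineno}: {subject} may change passwords of {target}")
```

Rules pinned to a fixed instance such as `*/admin`, rules with a back-referenced target (`*1`), and rules that revoke `c` with an uppercase `C` are not reported.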



Reply sent to andi@debian.org (Andreas B. Mundt):
You have taken responsibility. (Fri, 27 Dec 2019 09:09:04 GMT)


Notification sent to "Andreas B. Mundt" <andi@debian.org>:
Bug acknowledged by developer. (Fri, 27 Dec 2019 09:09:04 GMT)


Message #10 received at 947459-close@bugs.debian.org:

From: andi@debian.org (Andreas B. Mundt)
To: 947459-close@bugs.debian.org
Subject: Bug#947459: fixed in debian-lan-config 0.26
Date: Fri, 27 Dec 2019 09:04:09 +0000
Source: debian-lan-config
Source-Version: 0.26

We believe that the bug you reported is fixed in the latest version of
debian-lan-config, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 947459@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas B. Mundt <andi@debian.org> (supplier of updated debian-lan-config package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 24 Dec 2019 14:52:12 +0100
Source: debian-lan-config
Architecture: source
Version: 0.26
Distribution: unstable
Urgency: high
Maintainer: Debian LAN Developers <debian-lan-devel@lists.alioth.debian.org>
Changed-By: Andreas B. Mundt <andi@debian.org>
Closes: 947459
Changes:
 debian-lan-config (0.26) unstable; urgency=high
 .
   * Prepare for salsa-ci.
   * Fix kadmin access rules (closes: #947459).
   * Bump Standards-Version to 4.4.1:
     - Switch to dh compat level to 12 and remove dh-compat-file.
     - Add lintian-overrides to ignore false positives.
     - Set Rules-Requires-Root: no.




Added tag(s) security. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 27 Dec 2019 12:39:02 GMT)


Marked as found in versions debian-lan-config/0.23. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 27 Dec 2019 12:45:06 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 01 Feb 2020 07:28:29 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 01:32:30 2025; Machine Name: buxtehude
