6 matches found
Amazon Linux 2023 : munge, munge-devel, munge-libs (ALAS2023-2026-1453)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1453 advisory. MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon...
FreeBSD : munge -- CWE-787: Out-of-bounds Write (17186409-09d2-11f1-a39c-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 17186409-09d2-11f1-a39c-b42e991fc52e advisory. https://github.com/dun/munge/security/advisories/GHSA-r9cr-jf4v-75gh reports: MUNGE is an authenticatio...
OESA-2026-1348 munge security update
MUNGE MUNGE Uid 'N' Gid Emporium is an authentication service for creating and validating credentials. It is designed to be highly scalable for use in an HPC cluster environment. It allows a process to authenticate the UID and GID of another local or remote process within a group of hosts having...
CVE-2026-25506 MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...
Moderate: Red Hat Security Advisory: openssh security, bug fix, and enhancement update
An update for openssh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
openssh: Leak of host private key material to privilege-separated child process via realloc()
It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information...