Astra Linux - уязвимость в munge

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: munge (UTSA-2026-014299)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014299 advisory. MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in...

Unity Linux 20.1070a Security Update: munge (UTSA-2026-007303)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007303 advisory. MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in...

Alibaba Cloud Linux 3 : 0047: munge (ALINUX3-SA-2026:0047)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0047 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-25506: MUNGE is an authentication service...

MiracleLinux 9 : munge-0.5.13-14.el9_7 (AXSA:2026-229:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-229:02 advisory. MUNGE: MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery CVE-2026-25506 Tenable has extracted the preceding descripti...

RockyLinux 8 : munge (RLSA-2026:3032)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:3032 advisory. MUNGE: MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery CVE-2026-25506 Tenable has extracted the preceding description...

AlmaLinux 9 : munge (ALSA-2026:3034)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:3034 advisory. MUNGE: MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery CVE-2026-25506 Tenable has extracted the preceding description...

MUNGE: MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery

A buffer overflow vulnerability was discovered in the MUNGE authentication daemon munged. In affected versions, a local attacker can potentially leak secret cryptographic key material from the daemon's memory by sending a specially crafted message with an oversized address field. With the leaked...

RHEL 8 : munge (RHSA-2026:3032)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3032 advisory. MUNGE MUNGE Uid 'N' Gid Emporium is an authentication service for creating and validating credentials. It is designed to be highly scalable for use i...

Oracle Linux 9 : munge (ELSA-2026-3034)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-3034 advisory. - Fix CVE-2026-25506 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for...

RHEL 9 : munge (RHSA-2026:2934)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:2934 advisory. MUNGE MUNGE Uid 'N' Gid Emporium is an authentication service for creating and validating credentials. It is designed to be highly scalable for use i...

RHEL 8 : munge (RHSA-2026:3013)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3013 advisory. MUNGE MUNGE Uid 'N' Gid Emporium is an authentication service for creating and validating credentials. It is designed to be highly scalable for use i...

RHEL 8 : munge (RHSA-2026:3011)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3011 advisory. MUNGE MUNGE Uid 'N' Gid Emporium is an authentication service for creating and validating credentials. It is designed to be highly scalable for use i...

RHEL 9 : munge (RHSA-2026:2918)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:2918 advisory. MUNGE MUNGE Uid 'N' Gid Emporium is an authentication service for creating and validating credentials. It is designed to be highly scalable for use i...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : MUNGE vulnerability (USN-8040-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8040-1 advisory. Titouan Lazard discovered that MUNGE contained an exploitable buffer overflow in munged the...

USN-8040-1 munge vulnerability

Titouan Lazard discovered that MUNGE contained an exploitable buffer overflow in munged the MUNGE authentication daemon. A local attacker could possibly use this issue to forge MUNGE credentials, leading to arbitrary code execution...

SUSE SLES12 Security Update : munge (SUSE-SU-2026:0448-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0448-1 advisory. - CVE-2026-25506: buffer overflow in message unpacking bsc1257651. - Make logrotate work on log as user munge to prevent local privilege...

AZL-77451 CVE-2026-25506 affecting package munge for versions less than 0.5.18-1

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...

[SECURITY] [DLA 4477-1] munge security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4477-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz February 10, 2026 https://wiki.debian.org/LTS -...

Linux Distros Unpatched Vulnerability : CVE-2026-25506

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability ...