Public bug reported:
from the advisory:
A local attacker can exploit a buffer overflow vulnerability in munged
(the MUNGE authentication daemon) to leak cryptographic key material
from process memory. With the leaked key material, the attacker could
forge arbitrary MUNGE credentials to impersonate any user (including
root) to services that rely on MUNGE for authentication.

The vulnerability allows a buffer overflow by sending a crafted message
with an oversized address length field, corrupting munged's internal
state and enabling extraction of the MAC subkey used for credential
verification.
** Affects: munge (Ubuntu)
Importance: Undecided
Status: New
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/2141563
Title:
GHSA-r9cr-jf4v-75gh vulnerability in munge