Chris Dunlap <[email protected]> writes:

> A buffer overflow vulnerability in MUNGE allows a local attacker to
> leak cryptographic key material from the munged daemon process
> memory. With the leaked key material, the attacker could forge
> arbitrary MUNGE credentials to impersonate any user to services that
> rely on MUNGE for authentication.

Thanks for posting this to oss-security.

> [...]
>
> There is no indication this vulnerability is being exploited in the
> wild. The vulnerability was discovered during a security audit and
> responsibly disclosed.
>
> [...]

I see there's a writeup published now as well:
https://blog.lexfo.fr/munge-heap-buffer-overflow.html

> Reported by Titouan Lazard (LEXFO).

sam
