munge-0.5.13-3.el8_10
Errata ID: AXSA:2026-219:01
Release date:
2026/02/25 Wednesday - 18:23
Title:
munge-0.5.13-3.el8_10
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- munged in MUNGE has an issue in which a buffer overflow leaks
cryptographic keys. As a result, a vulnerability exists that allows a
local attacker to escalate privileges through impersonation by sending
a message crafted to have an oversized address length field.
(CVE-2026-25506)
Solution:
Update the packages.
CVE:
CVE-2026-25506
MUNGE is an authentication service for creating and validating user credentials. In versions 0.5 through 0.5.17, a local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from process memory. With the leaked key material, the attacker could forge arbitrary MUNGE credentials to impersonate any user (including root) to services that rely on MUNGE for authentication. The overflow is triggered by sending a crafted message with an oversized address length field, which corrupts munged's internal state and enables extraction of the MAC subkey used for credential verification. This vulnerability is fixed in 0.5.18.
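As an added illustration (not code from MUNGE or from this advisory), the C sketch below shows the kind of check the CVE description implies was missing: a length field read from the message is validated against both the destination buffer and the bytes actually received before anything is copied. The struct layout, field sizes, function names and sample messages are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical decoded-message state, NOT munged's real layout. */
struct msg_state {
    uint8_t addr_len;
    uint8_t addr[4];      /* assumed: room for one IPv4 address */
    uint8_t secret[16];   /* stand-in for key material near addr[] */
};

/* Parse [addr_len:1][addr:addr_len]. Returns bytes consumed, -1 if rejected. */
int unpack_addr(struct msg_state *m, const uint8_t *buf, size_t n)
{
    if (n < 1) return -1;
    uint8_t len = buf[0];
    /* Declared length must fit the destination; without this check the
     * memcpy below would run past addr[] into the neighbouring fields. */
    if (len > sizeof m->addr) return -1;
    /* Declared length must not exceed the bytes actually received. */
    if ((size_t)len > n - 1) return -1;
    memcpy(m->addr, buf + 1, len);
    m->addr_len = len;
    return 1 + len;
}

/* Constructed sample messages. */
static const uint8_t MSG_OK[]        = { 4, 127, 0, 0, 1 };
static const uint8_t MSG_OVERSIZED[] = { 200, 'A', 'A', 'A', 'A', 'A', 'A' };
static const uint8_t MSG_TRUNCATED[] = { 4, 10, 0 };

/* Returns unpack_addr's result, or -2 if the secret sentinel was modified. */
int run_case(const uint8_t *buf, size_t n)
{
    struct msg_state m = {0};
    memset(m.secret, 0x5A, sizeof m.secret);
    int rc = unpack_addr(&m, buf, n);
    for (size_t i = 0; i < sizeof m.secret; i++)
        if (m.secret[i] != 0x5A) return -2;
    return rc;
}

int main(void)
{
    printf("ok=%d oversized=%d truncated=%d\n", run_case(MSG_OK, sizeof MSG_OK),
           run_case(MSG_OVERSIZED, sizeof MSG_OVERSIZED),
           run_case(MSG_TRUNCATED, sizeof MSG_TRUNCATED));
    return 0;
}
```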
Additional information:
N/A
Downloads:
SRPMS
- munge-0.5.13-3.el8_10.src.rpm
MD5: 735110415a432ab1a9faf7362646d804
SHA-256: 70b7f67992e7a13582a83a681fab53cf3b0fe6bb0d47d7a11e44e1ec64ba0c4a
Size: 400.14 kB
Asianux Server 8 for x86_64
- munge-0.5.13-3.el8_10.x86_64.rpm
MD5: d2568b4cf6da334a7c860322b877c623
SHA-256: 2db1a91e61eef6097231f5bb936bf114aed7e9f1bdeaba4778a6f701dc385e21
Size: 120.79 kB
- munge-devel-0.5.13-3.el8_10.i686.rpm
MD5: 2c3c7c480fb8182b26d8bc59251f58d8
SHA-256: b15d68dcdd62763ccb6c46c1897ef389cee948bbbc64bf343b7607fd336164fb
Size: 27.28 kB
- munge-devel-0.5.13-3.el8_10.x86_64.rpm
MD5: 06cd95565e9119607632167ee9a1540b
SHA-256: dec22642312b1912e4a7164b0116c16f9896b7ee80d5eeb36070c0e454685862
Size: 27.25 kB
- munge-libs-0.5.13-3.el8_10.i686.rpm
MD5: 294ddd6c9ccca9c83dc3d1852b4bb893
SHA-256: 8baa4013749978fa6e6d932eb668caae0a9819f1dc8661fd31298af0db92bd1a
Size: 29.66 kB
- munge-libs-0.5.13-3.el8_10.x86_64.rpm
MD5: de5f33c90ceb4cb3c2c84f93e23564e1
SHA-256: 4fa4a052a8037da99bf018ffaa5bb38cfc4504d369da1d204380c3c01c6c7cb6
Size: 28.99 kB