• Local vulnerabilities in Kea DHCP

    From LWN.net@1337:1/100 to All on Thursday, May 29, 2025 18:15:08
    Local vulnerabilities in Kea DHCP

    Date:
    Thu, 29 May 2025 17:07:09 +0000

    Description:
    The SUSE Security Team has published a detailed report about security
    vulnerabilities it discovered in the Kea DHCP server suite from the
    Internet Systems Consortium (ISC). Since SUSE is also going to ship Kea
    DHCP in its products, we performed a routine review of its code base.
    Even before checking the network security of Kea, we stumbled over a
    range of local security issues, among them a local root exploit which is
    possible in many default installations of Kea on Linux and BSD
    distributions. [...] This report is based on Kea release 2.6.1. Any
    source code references in this report relate to this version. Many
    systems still ship older releases of Kea, but we believe they are all
    affected as well by the issues described in this report. The report
    details seven security issues, including local-privilege-escalation and
    arbitrary-file-overwrite vulnerabilities. Security fixes for the
    vulnerabilities have been published in all of the currently supported
    release series of Kea: 2.4.2, 2.6.3, and the 2.7.9 development release
    were all released on May 28. Kea has assigned CVE-2025-32801,
    CVE-2025-32802, and CVE-2025-32803 to the vulnerabilities. Note that some
    of the CVEs cover multiple security flaws.

    ======================================================================
    Link to news story:
    https://lwn.net/Articles/1023093/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)