Kea DHCP: Local Vulnerabilities in Many Linux and BSD Distributions
a year ago
- #linux
- #vulnerability
- #security
- Kea DHCP has multiple local vulnerabilities affecting many Linux and BSD distributions.
- Local privilege escalation is possible via hook library injection (CVE-2025-32801).
- Arbitrary file overwrite vulnerability via config-write command (CVE-2025-32802).
- Log files can be redirected to arbitrary paths (shared CVE with 3.2).
- Service spoofing and DoS issues with sockets in /tmp (shared CVE with 3.2).
- World-readable DHCP lease and log files (CVE-2025-32803).
- Hardening suggestions include enforcing authentication on REST API and restricting file paths.
- Bugfixes in Kea releases 2.4.2, 2.6.3, and 2.7.9 address these vulnerabilities.
- Affected distributions include Arch Linux, Debian, Ubuntu, Fedora, Gentoo, openSUSE, FreeBSD, NetBSD, and OpenBSD.
- CVE assignments include CVE-2025-32801, CVE-2025-32802, and CVE-2025-32803.