Source: securityonline.info
Multiple local vulnerabilities have been discovered in the Kea DHCP server suite, impacting default installations on Linux and BSD distributions. The SUSE Security Team found these flaws during a routine code review, before Kea was due to ship in SUSE products. Among the issues is a critical local root exploit that allows an unprivileged user to inject a hook library, leading to arbitrary code execution with root privileges. Other vulnerabilities include the ability to overwrite configuration files via the config-write command, as well as hash denial-of-service issues.

The set-config REST API command presents a significant security risk, as it grants complete control over the configuration of the kea-ctrl-agent and individual Kea services. This control allows for a trivial local privilege escalation by configuring a hook library accessible to an unprivileged user. The vulnerabilities were found in Kea release 2.6.1, but it is believed that older releases are also affected. The report also details seven security issues including local-privilege-escalation and arbitrary file overwrite vulnerabilities.

The Internet Systems Consortium (ISC) has addressed these vulnerabilities by releasing security fixes in all currently supported release series of Kea: 2.4.2, 2.6.3, and 2.7.9. These updates were made available on May 28, 2025, and users are strongly advised to update their Kea DHCP server installations immediately. CVE numbers CVE-2025-32801, CVE-2025-32802, and CVE-2025-32803 have been assigned to the vulnerabilities, with some CVEs covering multiple security flaws.
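To help with the update advice above, here is an added check (not code from the article, ISC or SUSE) that classifies a reported Kea version against the first fixed release in each supported series named in the advisory. It assumes the version is read from a string such as the output of `kea-dhcp4 -v`; series not listed by ISC are flagged separately, since the report believes older releases are affected too.

```python
"""Classify a Kea version against the fixed releases 2.4.2, 2.6.3 and 2.7.9
(the May 28, 2025 fixes for CVE-2025-32801, CVE-2025-32802, CVE-2025-32803).

Added example: the fixed-release list comes from the advisory as quoted in the
article; the function names and sample inputs are constructed here.
"""
import re
from typing import Optional, Tuple

# First fixed release in each series ISC lists as currently supported.
FIXED_RELEASES = {
    (2, 4): (2, 4, 2),
    (2, 6): (2, 6, 3),
    (2, 7): (2, 7, 9),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Extract X.Y.Z from a version string (e.g. what `kea-dhcp4 -v` prints)."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(part) for part in m.groups())
    return (major, minor, patch)


def assess(version_text: str) -> str:
    """Return 'fixed', 'vulnerable' or 'unsupported-series'.

    A series that ISC did not list (e.g. 2.2.x) received no fix and should be
    treated as affected, hence the separate 'unsupported-series' verdict.
    """
    version = parse_version(version_text)
    if version is None:
        raise ValueError(f"no X.Y.Z version found in {version_text!r}")
    fixed = FIXED_RELEASES.get(version[:2])
    if fixed is None:
        return "unsupported-series"
    return "fixed" if version >= fixed else "vulnerable"


if __name__ == "__main__":
    # Constructed sample inputs modelled on version banners.
    for sample in ("2.6.1", "Kea 2.6.3", "2.4.1", "2.7.9", "2.2.0"):
        print(f"{sample}: {assess(sample)}")
```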



Classification:
  • HashTags: #DHCPsecurity #PrivilegeEscalation #LocalVulnerability
  • Company: Kea
  • Target: DHCP Servers
  • Product: Kea DHCP
  • Feature: REST API
  • Type: Vulnerability
  • Severity: Major