EUVD-2025-16210

Malicious code in bioql PyPI...

kea: Loading a malicious hook library can lead to local privilege escalation

A flaw was found in the Kea package, where an unprivileged user can instruct Kea to load a hook library from any arbitrary local file. This hook can then be executed using the same privileges that Kea runs under. This vulnerability allows an attacker with access to a local, unprivileged account t...

DEBIAN-CVE-2025-32801

Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...

ALPINE-CVE-2025-32801

Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...

CVE-2025-32801

Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...

CVE-2025-32801

Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...

CVE-2025-32801 Loading a malicious hook library can lead to local privilege escalation

Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...

CVE-2025-32801

Summary: CVE-2025-32801 affects Kea configurations that can load a malicious hook library via API directives, with root/context privilege. Affected versions: Kea 2.4.0–2.4.1, 2.6.0–2.6.2, and 2.7.0–2.7.8. Impact: local privilege escalation and high impact components (root may load arbitrary code)...

UBUNTU-CVE-2025-32801

Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...

cdrdao (Mandrake 10.2) - Local Privilege Escalation

cdrdao Mandrake 10.2 - Local Privilege Escalation !/bin/sh cdrdao local root exploit newbug at chroot.org IRC: irc.chroot.org chroot May 2005 echo "cdrdao private exploit" echo "This exploit only for Mandrake series" echo "newbug at chroot.org" echo "May 2005" echo "checking if cdrdao is setuid...

Linux Mandrake <= 10.2 cdrdao Local Root Exploit (unfixed)

Exploit for linux platform in category local exploits ========================================================== Linux Mandrake ld.so.c uidt getuid return 0; EOF echo "+ done." echo "preparing shell program ..." cat sh.c include int mainint argc,char argv setreuid0,0; setgid0; unlink"/tmp/ld.so";...