ISC Kea 安全漏洞

ISC Kea is a modern open-source DHCPv4 and DHCPv6 server belonging to the ISC organization. Versions 2.6.0 to 2.6.4, as well as 3.0.0 to 3.0.2 of ISC Kea, have security vulnerabilities. These vulnerabilities stem from custom messages that may lead to stack overflow errors...

AlmaLinux 10 : kea (ALSA-2025:9178)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:9178 advisory. kea: Loading a malicious hook library can lead to local privilege escalation CVE-2025-32801 kea: Insecure handling of file paths allows multiple local...

RockyLinux 10 : kea (RLSA-2025:9178)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:9178 advisory. kea: Loading a malicious hook library can lead to local privilege escalation CVE-2025-32801 kea: Insecure handling of file paths allows multiple local...

RHEL 10 : kea (RHSA-2025:9178)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:9178 advisory. DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP...

FreeBSD : ISC KEA -- Multiple vulnerabilities (34744aab-3bf7-11f0-b81c-001b217e4ee5)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 34744aab-3bf7-11f0-b81c-001b217e4ee5 advisory. Internet Systems Consortium, Inc. reports: Tenable has extracted the preceding description blo...

CVE-2025-32802

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions...