UNSUBSCRIBE
From: Andrei Pavel <and...@isc.org>
Sent: Wednesday, May 28, 2025 12:34 PM
To: oss-security@lists.openwall.com
Cc: security-offi...@isc.org
Subject: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803)

On 28 May 2025 we (Internet Systems Consortium) disclosed three vulnerabilities affecting our Kea software:

- CVE-2025-32801: Loading a malicious hook library can lead to local privilege escalation
  https://kb.isc.org/docs/cve-2025-32801
- CVE-2025-32802: Insecure handling of file paths allows multiple local attacks
  https://kb.isc.org/docs/cve-2025-32802
- CVE-2025-32803: Insecure file permissions can result in confidential information leakage
  https://kb.isc.org/docs/cve-2025-32803

New versions of Kea are available from https://www.isc.org/downloads

- https://downloads.isc.org/isc/kea/2.4.2/
- https://downloads.isc.org/isc/kea/2.6.3/
- https://downloads.isc.org/isc/kea/2.7.9/

With the public announcement of these vulnerabilities, the embargo period is ended and any updated software packages that have been prepared may be released.