| View previous topic :: View next topic |
| Author |
Message |
CaptainBlood
Advocate
Joined: 24 Jan 2010
Posts: 4071
|
 Posted: Tue Jun 03, 2025 5:12 pm Post subject: net-misc/kea::gentoo: CVEs |
 |
|
Opensuse report for 2.6.1, which isn't ::gentoo.
However report suspects previous version(s) to be impacted.
Thks 4 ur attention, interest & support.
_________________
USE="-* ..." in /etc/portage/make.conf here, i.e. a countermeasure to portage implicit braces, belt & diaper paradigm
LT: "I've been doing a passable imitation of the Fontana di Trevi, except my medium is mucus. Sooo much mucus. " |
|
| Back to top |
|
 |
Ralphred
l33t
Joined: 31 Dec 2013
Posts: 791
|
| Posted: Wed Jun 04, 2025 11:35 am Post subject: |
|
|
| Quote: | | Since the agent is not configured by default at all, we consider that Gentoo is not affected by any of the issues. |
|
|
| Back to top |
|
|
CaptainBlood
Advocate
Joined: 24 Jan 2010
Posts: 4071
|
| Posted: Wed Jun 04, 2025 5:51 pm Post subject: |
|
|
Thks for pointing out.
I must admit I first overlooked it.
Let me add the full Gentoo notes for completeness: | Code: | 6.5) Gentoo Linux
System Release rolling release (as of 2025-05-23)
Kea Version 2.4.1
Kea Credentials root:root
Kea Socket Dir /run/kea owned by dhcp:dhcp mode 0750
Kea Log Dir /var/log/kea, owned by root:dhcp mode 0750
Kea State Dir /var/lib/kea, owned by root:dhcp mode 0750
Affected By if kea-ctrl-agent is manually enabled: 3.1, 3.2, 3.3
On Gentoo Linux Kea is only available as an unstable ~amd64 ebuild. It seems still incomplete, because the default configuration is broken (wrong paths) and the services won’t start. Also the kea-ctrl-agent is not part of the default configuration.
The directory permissions are inconsistent with the root:root credentials the Kea services are running with. This creates opportunities for a compromised dhcp user/group to stage symlink attacks in /run/kea, for example.
There are no information leaks and the /tmp directory is not used for sockets. Since the agent is not configured by default at all, we consider that Gentoo is not affected by any of the issues.
When kea-ctrl-agent is actively added to the mix and authorization is not enabled on the REST API, then Gentoo would be affected by issues 3.1, 3.2 and 3.3. |
Thks 4 ur attention, interest & support.
_________________
USE="-* ..." in /etc/portage/make.conf here, i.e. a countermeasure to portage implicit braces, belt & diaper paradigm
LT: "I've been doing a passable imitation of the Fontana di Trevi, except my medium is mucus. Sooo much mucus. " |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Gentoo Chat
