CVE-2015-5477

Published: 29/07/2015 | Updated: 10/11/2017
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 792
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

named in ISC BIND 9.x prior to 9.9.7-P2 and 9.10.x prior to 9.10.2-P3 allows remote malicious users to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.

Vulnerable Product

isc bind

Vendor Advisories

Bind could be made to crash if it received specially crafted network traffic ...
Debian Bug report logs - #839051 bind9: CVE-2016-2848: A packet with malformed options can trigger an assertion failure. Package: bind9; Maintainer for bind9 is Debian DNS Team <team+dns@tracker.debian.org>; Source for bind9 is src:bind9. Reported by: Florian Weimer <fw@deneb.enyo.de> Date: Wed, 2 ...
Debian Bug report logs - #793903 bind9: CVE-2015-5477: An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure. Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 28 Jul 2015 1 ...
Jonathan Foote discovered that the BIND DNS server does not properly handle TKEY queries. A remote attacker can take advantage of this flaw to mount a denial of service via a specially crafted query triggering an assertion failure and causing BIND to exit. For the oldstable distribution (wheezy), this problem has been fixed in version 1:984dfsg ...
As reported upstream, an error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit ...
A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet ...

Exploits

/* PoC for BIND9 TKEY assert Dos (CVE-2015-5477) Usage: tkill <hostname> What it does: - First sends a "version" query to see if the server is up - Regardless of the version response, it then sends the DoS packet - Then it waits 5 seconds for a response If the server crashes, there wi ...
#!/usr/bin/env python # Exploit Title: PoC for BIND9 TKEY DoS # Exploit Author: elceef # Software Link: github.com/elceef/tkeypoc/ # Version: ISC BIND 9 # Tested on: multiple # CVE : CVE-2015-5477 import socket import sys print('CVE-2015-5477 BIND9 TKEY PoC') if len(sys.argv) < 2: print('Usage: ' + sys.argv[0] + ' [target]') syse ...

Github Repositories

PoC exploit code for CVE-2015-5477 BIND9 TKEY remote DoS vulnerability

PoC for CVE-2015-5477 BIND9 TKEY DoS. This code sends a UDP packet that crashes vulnerable BIND9 DNS servers. elceef@osiris:~/tkeypoc$ ./tkeypoc.py localhost CVE-2015-5477 BIND9 TKEY PoC Sending packet to localhost Done

Vulnerability as a service: showcasing CVE-2015-5477, a DDoS condition in the bind9 software

Vulnerability as a Service - CVE 2015-5477. A Debian (Wheezy) Linux system with a vulnerable version of bind9 to showcase CVE-2015-5477. Overview: This docker container is based on Debian Wheezy and has been modified to use a vulnerable version of bind9 and the matching additional dependencies. Usage: Get the container with docker pull hmlio/vaas-cve-2015-5477 Run the container w

PoC for BIND9 TKEY assert DoS (CVE-2015-5477)

cve-2015-5477 PoC for BIND9 TKEY assert DoS (CVE-2015-5477) $ ps awux | grep -v grep | grep bind bind 2373 0.0 2.2 141164 13424 ? Ssl 14:58 0:00 /var/named/chroot/sbin/named -u bind -t /var/named/chroot -c /etc/named.conf $ python tkill.py 127.0.0.1 Begin emission: Finished to send 1 packets

Exploit code for CVE-2015-5477 POC

TKEY-remote-DoS-vulnerability-exploit Exploit code for CVE-2015-5477 POC

PoC exploit for CVE-2015-5477 in php

cve-2015-5477

ShareDoc the document I shared with others add cve-2015-5477 debug

PoC exploit for CVE-2015-5477 BIND9 TKEY assertion failure

PoC for BIND9 TKEY assert DoS (CVE-2015-5477). This exploit tests to see if a BIND9 server is vulnerable by sending the exploit in order to see if it crashes. It's C code that you compile the normal way on Unix/Windows, such as: # gcc tkill.c -o tkill It'll run over both IPv4 and IPv6. This is what it looks like running against lo

Recent Articles

Bound to happen: BIND bug exploits now in the wild
The Register • Richard Chirgwin • 04 Aug 2015

Tardy on the patch? GET BUSY

Security bods are nagging anyone running BIND to install last week's patch, as active exploits have started to appear in the wild. That information comes from Sucuri's Daniel Cid, who writes that "attacks have begun," based on reports from the company's customers that they were experiencing DNS server crashes. The patch is straightforward for anyone running Linux-based DNS servers. Ubuntu, Red Hat, CentOS, and Debian have all caught up with the bug, so patching is straightforward – yum update ...

Critical BIND bug scores PATCH YESTERDAY grading
The Register • Darren Pauli • 30 Jul 2015

Easy to hack universal remote BIND DoS hole leaves DNS open to attack

Gird your loins internet: Attackers now have the ability to disrupt large swathes of the web through a remote denial of service vulnerability found in the most widely used software for DNS servers. The BIND bug (CVE-2015-5477) patched overnight affects all DNS servers running the software, and can be attacked with ease. In fact a researcher has already developed an attack capable of knocking servers offline with a single packet. Internet Systems Consortium Michael McNally, lead investigator for ...

References

CWE-19

https://kb.isc.org/article/AA-01272
http://www.debian.org/security/2015/dsa-3319
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00048.html
http://rhn.redhat.com/errata/RHSA-2015-1515.html
http://rhn.redhat.com/errata/RHSA-2015-1513.html
http://rhn.redhat.com/errata/RHSA-2015-1514.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00045.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00043.html
http://www.ubuntu.com/usn/USN-2693-1
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05095918
http://marc.info/?l=bugtraq&m=144181171013996&w=2
http://marc.info/?l=bugtraq&m=144000632319155&w=2
http://marc.info/?l=bugtraq&m=144294073801304&w=2
http://marc.info/?l=bugtraq&m=144017354030745&w=2
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.securityfocus.com/bid/76092
http://rhn.redhat.com/errata/RHSA-2016-0078.html
http://rhn.redhat.com/errata/RHSA-2016-0079.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10718
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html
https://kb.isc.org/article/AA-01306
https://security.gentoo.org/glsa/201510-01
https://kc.mcafee.com/corporate/index?page=content&id=SB10126
https://kb.isc.org/article/AA-01305
https://kb.isc.org/article/AA-01307
https://support.apple.com/kb/HT205032
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04789415
https://www.exploit-db.com/exploits/37723/
http://www.securitytracker.com/id/1033100
http://packetstormsecurity.com/files/132926/BIND-TKEY-Query-Denial-Of-Service.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163015.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163007.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163006.html
https://kb.isc.org/article/AA-01438
https://kb.juniper.net/JSA10783
https://www.exploit-db.com/exploits/37721/
https://security.netapp.com/advisory/ntap-20160114-0001/
https://usn.ubuntu.com/2693-1/
https://nvd.nist.gov
https://access.redhat.com/security/cve/cve-2015-5477