CVE-2015-5477

EPSS 90.9%

named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.

Affected products

n/a · n/a

public PoCs found — 12

githubgithub.com/robertdavidgraham/cve-2015-5477★ 64 githubgithub.com/elceef/tkeypoc★ 14 githubgithub.com/ilanyu/cve-2015-5477★ 1 githubgithub.com/knqyf263/cve-2015-5477★ 1 githubgithub.com/hmlio/vaas-cve-2015-5477★ 1 githubgithub.com/likekabin/ShareDoc_cve-2015-5477★ 0 githubgithub.com/xycloops123/TKEY-remote-DoS-vulnerability-exploit★ 0 cve_referencewww.exploit-db.com/exploits/37723/unverified cve_referencewww.exploit-db.com/exploits/37721/unverified cve_referencepacketstormsecurity.com/files/132926/BIND-TKEY-Query-Denial-Of-Service.htmlunverified exploitdbwww.exploit-db.com/exploits/37723unverified exploitdbwww.exploit-db.com/exploits/37721unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10718 http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163006.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163007.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163015.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html http://marc.info/?l=bugtraq&m=144000632319155&w=2