Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Denial of Service BIND Alert

    Scheduled Pinned Locked Moved Off-Topic & Non-Support Discussion
    2 Posts 2 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • KOMK
      KOM
      last edited by

      https://www.isc.org/blogs/cve-2015-5477-an-error-in-handling-tkey-queries-can-cause-named-to-exit-with-a-require-assertion-failure/

      A deliberately constructed packet can exploit an error in the handling of queries for TKEY records, permitting denial of service.

      CVE: CVE-2015-5477
      Document Version:          2.0
      Posting date:  28 July 2015
      Program Impacted:  BIND
      Versions affected:  9.1.0 -> 9.8.x, 9.9.0->9.9.7-P1, 9.10.0->9.10.2-P2
      Severity:  Critical
      Exploitable:  Remotely
      Description:

      An error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit.

      Impact:

      Both recursive and authoritative servers are vulnerable to this defect.  Additionally, exposure is not prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling, before checks enforcing those boundaries.

      All versions of BIND 9 from BIND 9.1.0 (inclusive) through BIND 9.9.7-P1 and BIND 9.10.2-P2 are vulnerable.

      Operators should take steps to upgrade to a patched version as soon as possible.

      1 Reply Last reply Reply Quote 0
      • H
        Harvy66
        last edited by

        Beat me to it. I just saw this on Ars

        http://arstechnica.com/security/2015/07/major-flaw-could-let-lone-wolf-hacker-bring-down-huge-swath-of-internet/

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.