Skip to content
master
Switch branches/tags
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 

README.md

Vulnerability as a Service - CVE 2015-5477

A Debian (Wheezy) Linux system with a vulnerable version of bind9 to showcase CVS-2015-5477.

Overview

This docker container is based on Debian Wheezy and has been modified to use a vulernable version of bind9 and the matching additional dependencies.

Usage

Get the container with docker pull hmlio/vaas-cve-2015-5477.

Run the container with a port mapping (for the maximum "Dude! This sucks!" effect I recommend starting the container without detaching it as a background process): docker run -p 53:53/udp hmlio/vaas-cve-2015-5477

You should be able to do DNS queries via the container: dig @<your-ip> hml.io any

Exploitation

At the time of this writing, a proof of concept exploit is available here.

From another terminal windows fire up the exploit like so: python exploit.py <your-ip>

Change back to the original terminal window where you started the container in the foreground and you should see someting similar to this:

04-Aug-2015 20:47:14.841 createfetch: hml.io DS
04-Aug-2015 20:47:14.886 createfetch: de DNSKEY
04-Aug-2015 20:48:54.130 message.c:2311: REQUIRE(*name == ((void *)0)) failed, back trace
04-Aug-2015 20:48:54.130 #0 0x7fa696e2fdd9 in ??
04-Aug-2015 20:48:54.130 #1 0x7fa695770f3a in ??
04-Aug-2015 20:48:54.130 #2 0x7fa69669806f in ??
04-Aug-2015 20:48:54.130 #3 0x7fa696723bd9 in ??
04-Aug-2015 20:48:54.130 #4 0x7fa696e40615 in ??
04-Aug-2015 20:48:54.130 #5 0x7fa696e26e71 in ??
04-Aug-2015 20:48:54.130 #6 0x7fa69578fe1d in ??
04-Aug-2015 20:48:54.130 #7 0x7fa695143b50 in ??
04-Aug-2015 20:48:54.130 #8 0x7fa694b2d95d in ??
04-Aug-2015 20:48:54.130 exiting (due to assertion failure)
Aborted (core dumped)
 failed!

About

Vulnerability as a service: showcasing CVS-2015-5447, a DDoS condition in the bind9 software

Resources

License

Releases

No releases published

Packages

No packages published