Vulnerability as a service: showcasing CVS-2015-5447, a DDoS condition in the bind9 software
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Vulnerability as a Service - CVE 2015-5477

A Debian (Wheezy) Linux system with a vulnerable version of bind9 to showcase CVS-2015-5477.


This docker container is based on Debian Wheezy and has been modified to use a vulernable version of bind9 and the matching additional dependencies.


Get the container with docker pull hmlio/vaas-cve-2015-5477.

Run the container with a port mapping (for the maximum "Dude! This sucks!" effect I recommend starting the container without detaching it as a background process): docker run -p 53:53/udp hmlio/vaas-cve-2015-5477

You should be able to do DNS queries via the container: dig @<your-ip> any


At the time of this writing, a proof of concept exploit is available here.

From another terminal windows fire up the exploit like so: python <your-ip>

Change back to the original terminal window where you started the container in the foreground and you should see someting similar to this:

04-Aug-2015 20:47:14.841 createfetch: DS
04-Aug-2015 20:47:14.886 createfetch: de DNSKEY
04-Aug-2015 20:48:54.130 message.c:2311: REQUIRE(*name == ((void *)0)) failed, back trace
04-Aug-2015 20:48:54.130 #0 0x7fa696e2fdd9 in ??
04-Aug-2015 20:48:54.130 #1 0x7fa695770f3a in ??
04-Aug-2015 20:48:54.130 #2 0x7fa69669806f in ??
04-Aug-2015 20:48:54.130 #3 0x7fa696723bd9 in ??
04-Aug-2015 20:48:54.130 #4 0x7fa696e40615 in ??
04-Aug-2015 20:48:54.130 #5 0x7fa696e26e71 in ??
04-Aug-2015 20:48:54.130 #6 0x7fa69578fe1d in ??
04-Aug-2015 20:48:54.130 #7 0x7fa695143b50 in ??
04-Aug-2015 20:48:54.130 #8 0x7fa694b2d95d in ??
04-Aug-2015 20:48:54.130 exiting (due to assertion failure)
Aborted (core dumped)