// For flags

CVE-2015-5477

ISC BIND 9 - TKEY Remote Denial of Service (PoC)

Severity Score

10.0
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

11
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.

Vulnerabilidad identificada en ISC BIND 9.x en versiones anteriores a 9.9.7-P2 y 9.10.x en versiones anteriores a 9.10.2-P3, permite a atacantes remotos causar una denegación de servicio (fallo en la comprobación de REQUIRE y salida del demonio) a través de consultas TKEY.

A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet.

Jonathan Foote discovered that Bind incorrectly handled certain TKEY queries. A remote attacker could use this issue with a specially crafted packet to cause Bind to crash, resulting in a denial of service. Pories Ediansyah discovered that Bind incorrectly handled certain configurations involving DNS64. A remote attacker could use this issue with a specially crafted query to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-07-10 CVE Reserved
  • 2015-07-28 CVE Published
  • 2015-07-31 First Exploit
  • 2024-08-06 CVE Updated
  • 2025-03-18 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-19: Data Processing Errors
  • CWE-617: Reachable Assertion
CAPEC
References (55)
URL Tag Source
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10718 X_refsource_confirm
http://packetstormsecurity.com/files/132926/BIND-TKEY-Query-Denial-Of-Service.html X_refsource_misc
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html X_refsource_confirm
http://www.securityfocus.com/bid/76092 Vdb Entry
http://www.securitytracker.com/id/1033100 Vdb Entry
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04789415 X_refsource_confirm
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480 X_refsource_confirm
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05095918 X_refsource_confirm
https://kb.isc.org/article/AA-01305 X_refsource_confirm
https://kb.isc.org/article/AA-01306 X_refsource_confirm
https://kb.isc.org/article/AA-01307 X_refsource_confirm
https://kb.isc.org/article/AA-01438 X_refsource_confirm
https://kb.juniper.net/JSA10783 X_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10126 X_refsource_confirm
https://security.netapp.com/advisory/ntap-20160114-0001 X_refsource_confirm
https://support.apple.com/kb/HT205032 X_refsource_confirm
http://web.archive.org/web/20190425014550/https://www.isc.org/blogs/cve-2015-5477-an-error-in-handling-tkey-queries-can-cause-named-to-exit-with-a-require-assertion-failure
URL Date SRC
https://packetstorm.news/files/id/180552 2024-08-31
https://packetstorm.news/files/id/132926 2015-07-31
https://www.exploit-db.com/exploits/37723 2024-08-06
https://www.exploit-db.com/exploits/37721 2024-08-06
https://github.com/robertdavidgraham/cve-2015-5477 2024-08-27
https://github.com/elceef/tkeypoc 2024-08-12
https://github.com/hmlio/vaas-cve-2015-5477 2018-08-19
https://github.com/knqyf263/cve-2015-5477 2015-10-24
https://github.com/ilanyu/cve-2015-5477 2024-08-12
https://github.com/likekabin/ShareDoc_cve-2015-5477 2018-07-17
https://github.com/xycloops123/TKEY-remote-DoS-vulnerability-exploit 2020-05-11
URL Date SRC
https://kb.isc.org/article/AA-01272 2015-07-28
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163006.html 2017-11-10
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163007.html 2017-11-10
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163015.html 2017-11-10
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00043.html 2017-11-10
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00044.html 2017-11-10
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00045.html 2017-11-10
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00048.html 2017-11-10
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html 2017-11-10
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00001.html 2017-11-10
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html 2017-11-10
http://marc.info/?l=bugtraq&m=144000632319155&w=2 2017-11-10
http://marc.info/?l=bugtraq&m=144017354030745&w=2 2017-11-10
http://marc.info/?l=bugtraq&m=144181171013996&w=2 2017-11-10
http://marc.info/?l=bugtraq&m=144294073801304&w=2 2017-11-10
http://rhn.redhat.com/errata/RHSA-2015-1513.html 2017-11-10
http://rhn.redhat.com/errata/RHSA-2015-1514.html 2017-11-10
http://rhn.redhat.com/errata/RHSA-2015-1515.html 2017-11-10
http://rhn.redhat.com/errata/RHSA-2016-0078.html 2017-11-10
http://rhn.redhat.com/errata/RHSA-2016-0079.html 2017-11-10
http://www.debian.org/security/2015/dsa-3319 2017-11-10
http://www.ubuntu.com/usn/USN-2693-1 2017-11-10
https://security.gentoo.org/glsa/201510-01 2017-11-10
https://access.redhat.com/security/cve/CVE-2015-5477 2016-01-28
https://bugzilla.redhat.com/show_bug.cgi?id=1247361 2016-01-28
https://access.redhat.com/solutions/1548963 2016-01-28
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 <= 9.9.7
Search vendor "Isc" for product "Bind" and version " <= 9.9.7"
p1
Affected
Isc
Search vendor "Isc"
 Bind
Search vendor "Isc" for product "Bind"
 <= 9.10.2
Search vendor "Isc" for product "Bind" and version " <= 9.10.2"
p2
Affected