CVE-2015-5477
ISC BIND 9 - TKEY Remote Denial of Service (PoC)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
Vulnerabilidad identificada en ISC BIND 9.x en versiones anteriores a 9.9.7-P2 y 9.10.x en versiones anteriores a 9.10.2-P3, permite a atacantes remotos causar una denegación de servicio (fallo en la comprobación de REQUIRE y salida del demonio) a través de consultas TKEY.
A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-07-10 CVE Reserved
- 2015-07-28 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2024-08-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-19: Data Processing Errors
- CWE-617: Reachable Assertion
CAPEC
References (46)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/37723 | 2024-08-06 | |
https://www.exploit-db.com/exploits/37721 | 2024-08-06 |
URL | Date | SRC |
---|---|---|
https://kb.isc.org/article/AA-01272 | 2015-07-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | <= 9.9.7 Search vendor "Isc" for product "Bind" and version " <= 9.9.7" | p1 |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | <= 9.10.2 Search vendor "Isc" for product "Bind" and version " <= 9.10.2" | p2 |
Affected
|