Bugzilla – Bug 939567
VUL-0: CVE-2015-5477: bind: DoS against authoritative and recursive servers
Last modified: 2022-02-13 11:07:34 UTC
A deliberately constructed packet can exploit an error in the handling of queries for TKEY records, permitting denial of service.

CVE: CVE-2015-5477
Document Version: 1.0
Posting date: 28 July 2015
Program Impacted: BIND
Versions affected: 9.1.0 -> 9.8.x, 9.9.0 -> 9.9.7-P1, 9.10.0 -> 9.10.2-P2
Severity: Critical
Exploitable: Remotely

Description:
An error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit.

Impact:
Both recursive and authoritative servers are vulnerable to this defect. Additionally, exposure is not prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling, before checks enforcing those boundaries.
All versions of BIND 9 from BIND 9.1.0 (inclusive) through BIND 9.9.7-P1 and BIND 9.10.2-P2 are vulnerable.
Operators should take steps to upgrade to a patched version as soon as possible.

CVSS Score: 7.8
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit:
https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Workarounds: None.
Active exploits: None known.

Solution:
Upgrade to the patched release most closely related to your current version of BIND.
BIND 9 version 9.9.7-P2: ftp://ftp.isc.org/isc/bind9/private/095ae241bfe06d50
BIND 9 version 9.10.2-P3: ftp://ftp.isc.org/isc/bind9/private/a810d5d65fbdcf28

Acknowledgements:
ISC would like to thank Jonathan Foote for discovering and disclosing this vulnerability.

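
A version check against the advisory's affected ranges, as an added example (not ISC's or SUSE's code). The function name `classify` and its three result strings are assumptions of this example; it looks only at the upstream version string, so a distribution build with a backported fix, such as the bind-9.9.6P1-0.12.1 packages listed in this bug, still classifies as affected and has to be judged by its package release.

```python
import re

# Inclusive upper bounds from the advisory: last affected (patch, P-level) per branch.
LAST_AFFECTED = {(9, 9): (7, 1), (9, 10): (2, 2)}

_VER = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(.*)$")
_PLEVEL = re.compile(r"-?P(\d+)$", re.IGNORECASE)


def classify(version_text):
    """Classify an upstream BIND version string against the advisory's ranges.

    Returns "affected", "not-listed" (outside the advisory's ranges) or
    "unknown" (string not understood, for example a beta or rc suffix).
    """
    text = version_text.strip()
    # Accept `named -v` style output such as "BIND 9.9.7-P1 (Extended Support Version)".
    if text.upper().startswith("BIND "):
        text = text[5:]
    text = text.split()[0] if text.strip() else ""
    m = _VER.match(text)
    if not m:
        return "unknown"
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3) or 0)
    suffix = m.group(4)
    if major != 9:
        return "not-listed"
    # 9.1.0 -> 9.8.x: every release on these branches is listed, whatever the suffix.
    if 1 <= minor <= 8:
        return "affected"
    bound = LAST_AFFECTED.get((major, minor))
    if bound is None:
        return "not-listed"
    if suffix == "":
        plevel = 0
    else:
        pm = _PLEVEL.match(suffix)
        if not pm:
            return "unknown"  # suffix other than -P<n>; do not guess its ordering
        plevel = int(pm.group(1))
    # Tuple comparison: affected up to and including the last listed patch release.
    return "affected" if (patch, plevel) <= bound else "not-listed"
```
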
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2015-08-03. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62233
CRD: 2015-07-28
Issue is public: https://kb.isc.org/article/AA-01272
SUSE-SU-2015:1304-1: An update that fixes one vulnerability is now available.
Category: security (important)
Bug References: 939567
CVE References: CVE-2015-5477
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): bind-9.9.6P1-0.12.1
SUSE Linux Enterprise Software Development Kit 11-SP3 (src): bind-9.9.6P1-0.12.1
SUSE Linux Enterprise Server for VMWare 11-SP3 (src): bind-9.9.6P1-0.12.1
SUSE Linux Enterprise Server 11-SP4 (src): bind-9.9.6P1-0.12.1
SUSE Linux Enterprise Server 11-SP3 (src): bind-9.9.6P1-0.12.1
SUSE Linux Enterprise Server 11-SP2-LTSS (src): bind-9.9.6P1-0.12.1
SUSE Linux Enterprise Desktop 11-SP4 (src): bind-9.9.6P1-0.12.1
SUSE Linux Enterprise Desktop 11-SP3 (src): bind-9.9.6P1-0.12.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): bind-9.9.6P1-0.12.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src): bind-9.9.6P1-0.12.1

SUSE-SU-2015:1305-1: An update that fixes one vulnerability is now available.
Category: security (important)
Bug References: 939567
CVE References: CVE-2015-5477
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src): bind-9.9.6P1-23.1
SUSE Linux Enterprise Server 12 (src): bind-9.9.6P1-23.1
SUSE Linux Enterprise Desktop 12 (src): bind-9.9.6P1-23.1

Cross-references:
https://www.suse.com/support/bindpatches/
https://www.suse.com/communities/conversations/?p=21099
https://www.suse.com/support/update/announcement/2015/suse-su-20151304-1.html
https://www.suse.com/support/kb/doc.php?id=7016709
https://www.suse.com/security/cve/CVE-2015-5477.html

SUSE-SU-2015:1316-1: An update that fixes one vulnerability is now available.
Category: security (important)
Bug References: 939567
CVE References: CVE-2015-5477
Sources used:
SUSE Linux Enterprise Server 11-SP1-LTSS (src): bind-9.6ESVR11W1-0.6.1

all updates released
SUSE-SU-2015:1322-1: An update that fixes one vulnerability is now available.
Category: security (important)
Bug References: 939567
CVE References: CVE-2015-5477
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src): bind-9.6ESVR11P1-0.14.1

openSUSE-SU-2015:1326-1: An update that fixes three vulnerabilities is now available.
Category: security (important)
Bug References: 918330,936476,939567
CVE References: CVE-2015-1349,CVE-2015-4620,CVE-2015-5477
Sources used:
openSUSE Evergreen 11.4 (src): bind-9.9.4P2-66.1

openSUSE-SU-2015:1335-1: An update that fixes one vulnerability is now available.
Category: security (important)
Bug References: 939567
CVE References: CVE-2015-5477
Sources used:
openSUSE 13.2 (src): bind-9.9.6P1-2.7.1
openSUSE 13.1 (src): bind-9.9.4P2-2.14.1

Hi, can somebody tell me how to reproduce this bug? Thank you, Alex
There is probably a public exploit around somewhere. Google does not find it outright.
*** Bug 946659 has been marked as a duplicate of this bug. ***
SUSE-SU-2016:0227-1: An update that fixes four vulnerabilities is now available.
Category: security (important)
Bug References: 939567,944066,958861,962189
CVE References: CVE-2015-5477,CVE-2015-5722,CVE-2015-8000,CVE-2015-8704
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src): bind-9.6ESVR11P1-0.18.1