CVE-2015-5477
84Vexday Risk Score
Patch now. It exploitation observed by VulnCheck and has a working public exploit.
ssvc Actepss 91%
from disclosure to weapon2 days
Published on NVDJul 29
1st PoC+2d
metasploitJul 28
VulnCheck+4d
exploitation probability
91%top 1% of all CVEs
observed exploitation
yesVulnCheck
16 public exploit(s)
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
Affected products
n/a · n/apublic PoCs found — 16
githubgithub.com/robertdavidgraham/cve-2015-5477★ 64githubgithub.com/elceef/tkeypoc★ 14githubgithub.com/ilanyu/cve-2015-5477★ 1githubgithub.com/knqyf263/cve-2015-5477★ 1githubgithub.com/hmlio/vaas-cve-2015-5477★ 1githubgithub.com/likekabin/ShareDoc_cve-2015-5477★ 0githubgithub.com/xycloops123/TKEY-remote-DoS-vulnerability-exploit★ 0cve_referencewww.exploit-db.com/exploits/37723/unverifiedcve_referencewww.exploit-db.com/exploits/37721/unverifiedcve_referencepacketstormsecurity.com/files/132926/BIND-TKEY-Query-Denial-Of-Service.htmlunverifiedexploitdbwww.exploit-db.com/exploits/37723unverifiedexploitdbwww.exploit-db.com/exploits/37721unverifiedvulncheckvulncheck.com/xdb/c7383d75ca4dunverifiedvulncheckvulncheck.com/xdb/015153ada07dunverifiedvulncheckvulncheck.com/xdb/55a2cb0838d4unverifiedvulncheckvulncheck.com/xdb/6a3d6ac5fd3funverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10718http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163006.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-August/163007.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-August/163015.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00043.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00044.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00045.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00048.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-08/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.htmlhttp://marc.info/?l=bugtraq&m=144000632319155&w=2