[Hackmeeting] ANY TKEY

Nachricht löschen

Nachricht beantworten

Autor: hektisch
Datum:
To: hackmeeting
Betreff: [Hackmeeting] ANY TKEY

An error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit.

Both recursive and authoritative servers are vulnerable to this defect. Additionally, exposure is not prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling, before checks enforcing those boundaries.

https://kb.isc.org/article/AA-01272/74/CVE-2015-5477%3A-An-error-in-handling-TKEY-queries-can-cause-named-to-exit-with-a-REQUIRE-assertion-failure.html <https://kb.isc.org/article/AA-01272/74/CVE-2015-5477:-An-error-in-handling-TKEY-queries-can-cause-named-to-exit-with-a-REQUIRE-assertion-failure.html>

http://arstechnica.com/security/2015/08/exploits-start-against-flaw-that-could-hamstring-huge-swaths-of-internet/ <http://arstechnica.com/security/2015/08/exploits-start-against-flaw-that-could-hamstring-huge-swaths-of-internet/>

— hektisch

Diese Nachricht wurde auf der folgenden Mailing-List gepostet:
hackmeeting Mailing-List-Info \| Nachrichten um die Zeit		Re: [Hackmeeting] Un elenco di attacchi informatici di stato	[Hackmeeting] A GAME OF YOU: Into the Social Media Vortex

lists.autistici.org administriert von postmaster

Lurker (Version 2.3)