About CVE-2015-5477 ("An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure")
/dev/rob0
rob0 at gmx.co.uk
Tue Jul 28 23:33:16 UTC 2015
On Tue, Jul 28, 2015 at 07:06:16PM -0400, Ben Croswell wrote:
> Is it safe to say the only vulnerable hosts would be those
> accepting queries from the outside world, or would this also
> pertain servers getting responses from the outside world with
> no inbound queries?
I would ask where does the "outside world" begin? Many sites serve
users with vulnerabilities. Have you ever had botnet traffic
originating from your network? (I have, not fun.)
Otherwise your premise is valid; the malicious query comes to your
named via port 53 UDP or TCP, not as a reply from another server.
But if you're thinking it's okay because you're going to deny the
query, no! This happens before named gets to that point. Your
nameserver must be closed to ALL potentially hostile queries.
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
More information about the bind-users
mailing list