About CVE-2015-5477 ("An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure")

Ben Croswell ben.croswell at gmail.com
Tue Jul 28 23:38:35 UTC 2015


Absolutely there is a division of traffic. One set of servers hosting
domains for the outside and another set with no inbound port 53 other than
stateful replies to internally generated queries.

Just looking to prioritize patching schedules.

On Jul 28, 2015 7:33 PM, "/dev/rob0" <rob0 at gmx.co.uk> wrote:

> On Tue, Jul 28, 2015 at 07:06:16PM -0400, Ben Croswell wrote:
> > Is it safe to say the only vulnerable hosts would be those
> > accepting queries from the outside world, or would this also
> > pertain to servers getting responses from the outside world with
> > no inbound queries?
>
> I would ask where does the "outside world" begin?  Many sites serve
> users with vulnerabilities.  Have you ever had botnet traffic
> originating from your network?  (I have, not fun.)
>
> Otherwise your premise is valid; the malicious query comes to your
> named via port 53 UDP or TCP, not as a reply from another server.
> But if you're thinking it's okay because you're going to deny the
> query, no!  This happens before named gets to that point.  Your
> nameserver must be closed to ALL potentially hostile queries.
> --
>   http://rob0.nodns4.us/
>   Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:


More information about the bind-users mailing list