Jonathan Foote discovered that the BIND DNS server does not properly
handle TKEY queries. A remote attacker can take advantage of this flaw
to mount a denial of service via a specially crafted query triggering an
assertion failure and causing BIND to exit.

CPENameOperatorVersion
bind9eq1:9.7.3.dfsg-1~squeeze3~bpo50+1
bind9eq1:9.7.3.dfsg-1~squeeze7
bind9eq1:9.7.3.dfsg-1~squeeze14
bind9eq1:9.7.3.dfsg-1~squeeze15
bind9eq1:9.7.3.dfsg-1~squeeze11
bind9eq1:9.7.3.dfsg-1~squeeze2~bpo50+1
bind9eq1:9.7.3.dfsg-1~squeeze3
bind9eq1:9.7.3.dfsg-1~squeeze9
bind9eq1:9.7.3.dfsg-1~squeeze6
bind9eq1:9.7.3.dfsg-1~squeeze4

Name	Operator	Version
bind9	eq	1:9.7.3.dfsg-1~squeeze3~bpo50+1
bind9	eq	1:9.7.3.dfsg-1~squeeze7
bind9	eq	1:9.7.3.dfsg-1~squeeze14
bind9	eq	1:9.7.3.dfsg-1~squeeze15
bind9	eq	1:9.7.3.dfsg-1~squeeze11
bind9	eq	1:9.7.3.dfsg-1~squeeze2~bpo50+1
bind9	eq	1:9.7.3.dfsg-1~squeeze3
bind9	eq	1:9.7.3.dfsg-1~squeeze9
bind9	eq	1:9.7.3.dfsg-1~squeeze6
bind9	eq	1:9.7.3.dfsg-1~squeeze4

Rows per page:

1-10 of 191

References

www.debian.org/lts/security/2015/dla-285

nessus 44

archlinux 1

suse 7

altlinux 3

zdt 3

metasploit 1

slackware 1

openvas 35

centos 3

debiancve 1

amazon 1

f5 2

fedora 3

redhat 5

myhack58 1

veracode 1

packetstorm 1

securityvulns 4

freebsd_advisory 1

checkpoint_advisories 2

hackerone 3

exploitpack 2

freebsd 1

cve 1

ubuntucve 1

osv 1

ibm 3

threatpost 1

prion 1

debian 3

aix 1

oraclelinux 11

mageia 1

exploitdb 2

ubuntu 1

gentoo 1

nessus

AIX 6.1 TL 8 : bind9 (IV75694)

2015-08-17 00:00:00

AIX 7.1 TL 2 : bind9 (IV75690)

2015-08-17 00:00:00

Amazon Linux AMI : bind (ALAS-2015-573)

2015-07-29 00:00:00

archlinux

bind: denial of service

2015-07-29 00:00:00

suse

Security update for bind (important)

2015-08-03 12:08:36

Security update for bind (important)

2015-07-28 21:08:56

Security update for bind (important)

2015-07-28 21:09:26

altlinux

Security fix for the ALT Linux 8 package bind version 9.9.7-alt1

2015-07-28 00:00:00

Security fix for the ALT Linux 9 package bind version 9.9.7-alt1

2015-07-28 00:00:00

Security fix for the ALT Linux 7 package bind version 9.9.7-alt1

2015-07-28 00:00:00

zdt

BIND9 TKEY Query Denial of Service Exploit

2015-08-04 00:00:00

ISC BIND9 TKEY Remote DoS PoC

2015-08-05 00:00:00

BIND9 - TKEY PoC Exploit

2015-08-01 00:00:00

metasploit

BIND TKEY Query Denial of Service

2015-08-01 11:01:35

slackware

[slackware-security] bind

2015-07-28 19:38:44

openvas

SUSE: Security Advisory (SUSE-SU-2015:1304-1)

2021-06-09 00:00:00

SUSE: Security Advisory for bind (SUSE-SU-2015:1305-1)

2015-10-16 00:00:00

Debian Security Advisory DSA 3319-1 (bind9 - security update)

2015-07-28 00:00:00

centos

bind, caching security update

2015-07-29 02:04:03

bind97 security update

2015-07-29 02:03:50

bind security update

2015-07-29 01:43:33

debiancve

CVE-2015-5477

2015-07-29 14:59:00

amazon

Critical: bind

2015-07-28 11:32:00

SOL16909 - BIND vulnerability CVE-2015-5477

2015-07-28 00:00:00

K16909 : BIND vulnerability CVE-2015-5477

2015-11-03 00:00:00

fedora

[SECURITY] Fedora 22 Update: bind-9.10.2-4.P3.fc22

2015-08-01 02:25:40

[SECURITY] Fedora 22 Update: bind99-9.9.7-6.P2.fc22

2015-08-01 02:27:27

[SECURITY] Fedora 21 Update: bind-9.9.6-10.P1.fc21

2015-08-01 02:26:01

redhat

(RHSA-2015:1513) Important: bind security update

2015-07-28 00:00:00

(RHSA-2015:1515) Important: bind97 security update

2015-07-28 00:00:00

(RHSA-2015:1514) Important: bind security update

2015-07-28 00:00:00

myhack58

A data packet to eliminate a single server of the DNS vulnerability-vulnerability warning-the black bar safety net

2015-08-02 00:00:00

veracode

Denial Of Service (DoS)

2019-01-15 09:06:56

packetstorm

BIND TKEY Query Denial Of Service

2015-07-31 00:00:00

securityvulns

ISC bind named DoS

2015-08-03 00:00:00

APPLE-SA-2015-08-13-4 OS X Server v4.1.5

2015-08-17 00:00:00

FreeBSD Security Advisory FreeBSD-SA-15:17.bind

2015-08-03 00:00:00

freebsd_advisory

FreeBSD-SA-15:17.bind

2015-07-28 00:00:00

checkpoint_advisories

ISC BIND TKEY Queries Assertion Failure (CVE-2015-5477)

2020-12-22 00:00:00

ISC BIND Invalid TKEY Query Denial Of Service (CVE-2015-5477; CVE-2020-8625)

2015-08-01 00:00:00

hackerone

ownCloud: doc.owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service)

2017-03-31 03:48:28

Nextcloud: ci.nextcloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service)

2017-06-07 23:28:05

ownCloud: owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service)

2015-09-15 20:11:07

exploitpack

ISC BIND 9 - TKEY (PoC)

2015-08-01 00:00:00

ISC BIND 9 - TKEY Remote Denial of Service (PoC)

2015-08-05 00:00:00

freebsd

bind -- denial of service vulnerability

2015-07-21 00:00:00

cve

CVE-2015-5477

2015-07-29 14:59:00

ubuntucve

CVE-2015-5477

2015-07-28 00:00:00

osv

bind9 - security update

2015-07-28 00:00:00

ibm

Security Bulletin: Vulnerability in BIND affects IBM Netezza Host Management (CVE-2015-5477)

2019-10-18 03:10:29

Security Bulletin: IBM i is affected by networking BIND vulnerabilities CVE-2015-5477 and CVE-2015-4620.

2019-12-18 14:26:38

Security Bulletin: Multiple vulnerabilities in NTP, Hivex, glibc, libuser, BIND affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

2018-06-17 22:30:13

threatpost

Critical Remotely Exploitable Bug Haunts BIND

2015-07-29 09:09:28

prion

Authentication flaw

2015-07-29 14:59:00

debian

[SECURITY] [DSA 3319-1] bind9 security update

2015-07-28 19:05:08

[SECURITY] [DLA 285-1] bind9 security update

2015-07-28 19:23:41

[SECURITY] [DSA 3319-1] bind9 security update

2015-07-28 19:05:08

aix

Vulnerability in BIND affects AIX,Vulnerability in BIND affects VIOS

2015-08-13 10:35:36

oraclelinux

bind security update

2015-07-29 00:00:00

bind security update

2015-07-29 00:00:00

bind97 security update

2015-07-29 00:00:00

mageia

Updated bind package fixes security vulnerability

2015-08-01 01:46:26

exploitdb

ISC BIND 9 - TKEY (PoC)

2015-08-01 00:00:00

ISC BIND 9 - TKEY Remote Denial of Service (PoC)

2015-08-05 00:00:00

ubuntu

Bind vulnerabilities

2015-07-28 00:00:00

gentoo

BIND: Denial of service

2015-10-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON

Related for OSV:DLA-285-1