About CVE-2015-5477 ("An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure")

/dev/rob0 rob0 at gmx.co.uk
Tue Jul 28 23:33:16 UTC 2015

On Tue, Jul 28, 2015 at 07:06:16PM -0400, Ben Croswell wrote:
> Is it safe to say the only vulnerable hosts would be those
> accepting queries from the outside world, or would this also
> pertain servers getting responses from the outside world with
> no inbound queries?

I would ask where does the "outside world" begin?  Many sites serve 
users with vulnerabilities.  Have you ever had botnet traffic 
originating from your network?  (I have, not fun.)

Otherwise your premise is valid; the malicious query comes to your 
named via port 53 UDP or TCP, not as a reply from another server.
But if you're thinking it's okay because you're going to deny the 
query, no!  This happens before named gets to that point.  Your 
nameserver must be closed to ALL potentially hostile queries.
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

More information about the bind-users mailing list