About CVE-2015-5477 ("An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure")

Mukund Sivaraman muks at isc.org
Wed Jul 29 02:52:50 UTC 2015

Hi Ben

On Tue, Jul 28, 2015 at 07:38:35PM -0400, Ben Croswell wrote:
> Absolutely there is a division of traffic. One set of servers hosting
> domains for the outside and another set with no inbound port 53 other than
> stateful replies to internally generated queries.

Keep in mind that some internally generated queries may be automatic
queries from services running inside your LAN that query based on some
external input (examples are webpages, spam filters, etc.). For this
reason, we usually consider even resolver bugs as externally vulnerable
for CVSS scoring. The scope of vulnerability would be based on the type
of issue, but it would be best not to depend on the source of traffic.

