Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
%20permits%20an%20attacker%20to%20view%20the%20entire%20contents%20of%20a%20zone.%20%20Protection%20of%20zone%20contents%20is%20often%20a%20commercial%20or%20business%20requirement.%20%0AIf%20accepted%2C%20a%20NOTIFY%20sets%20the%20zone%20refresh%20interval%20to%20'now'.%20%20If%20there%20is%20not%20already%20a%20refresh%20cycle%20in%20progress%20then%20named%20will%20initiate%20one%20by%20asking%20for%20the%20SOA%20RR%20from%20its%20list%20of%20masters.%20%20If%20there%20is%20already%20a%20refresh%20cycle%20in%20progress%2C%20then%20named%20will%20queue%20the%20new%20refresh%20request.%20%20If%20there%20is%20already%20a%20queued%20refresh%20request%2C%20the%20new%20NOTIFY%20will%20be%20discarded.%20Bogus%20notifications%20can't%20be%20used%20to%20force%20a%20zone%20transfer%20from%20a%20malicious%20server%2C%20but%20could%20trigger%20a%20high%20rate%20of%20zone%20refresh%20cycles.&color=brightgreen)
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
No PoCs from references.
- https://github.com/ALTinners/bind9
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AndrewLipscomb/bind9
- https://github.com/DButter/whitehat_public
- https://github.com/Dokukin1/Metasploitable
- https://github.com/Furious992/HW13-01
- https://github.com/Iknowmyname/Nmap-Scans-M2
- https://github.com/Maribel0370/Nebula-io
- https://github.com/NikulinMS/13-01-hw
- https://github.com/Zhivarev/13-01-hw
- https://github.com/balabit-deps/balabit-os-7-bind9
- https://github.com/balabit-deps/balabit-os-8-bind9-libs
- https://github.com/balabit-deps/balabit-os-9-bind9-libs
- https://github.com/dkiser/vulners-yum-scanner
- https://github.com/lekctut/sdb-hw-13-01
- https://github.com/mrt2h/DZ
- https://github.com/openkylin/bind9-libs
- https://github.com/pedr0alencar/vlab-metasploitable2
- https://github.com/pexip/os-bind9
- https://github.com/pexip/os-bind9-libs
- https://github.com/psmedley/bind-os2
- https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
- https://github.com/zparnold/deb-checker
- https://github.com/zzzWTF/db-13-01