Exploit ISC BIND 4.9.7/8.x - Traffic Amplification and NS Route Discovery

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
19749
Проверка EDB
  1. Пройдено
Автор
SEBASTIAN
Тип уязвимости
REMOTE
Платформа
MULTIPLE
CVE
N/A
Дата публикации
2000-02-14
ISC BIND 4.9.7/8.x - Traffic Amplification and NS Route Discovery
Код:
source: https://www.securityfocus.com/bid/983/info

ISC BIND 4.9.7/8.1/8.1.1/8.1.2/8.2/8.2.1/8.2.2 Traffic Amplification and NS Route Discovery Vulnerability

A potential denial of service (hence forth referred to as DoS) attack exists in the default configuration of many popular DNS servers. If a server allows for remote hosts to query it for hosts other than those it serves, causing recursion, it may be possible to cause traffic amplification. While the numbers of packets amplified by a single server will not be likely to cause a denial of service, by exploiting the hierarchical nature of DNS, it becomes possible to cause large amounts of traffic to be directed to a single site.

The vulnerability exists in the way name servers will behave in the event that they are unable to receive replies for a domain from a nameserver they consider authoritative. When a nameserver receives a query, it is typically forwarded up a chain of DNS server. If the query cannot be resolved because there is no nameserver listening on the remote host, every forwarding nameserver will attempt to resolve the nameserver themselves. These are typically retried three times, at 0, 12 and 24 seconds. In this case, the traffic is significantly multiplied. By abusing multiple nameservers, it becomes possible to send a large quantity of data to a given network, with packet sizes as large as 500 bytes.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19749.tar.gz
 
Источник
www.exploit-db.com

Похожие темы