Metasploit modules that can be used to exploit ISC products
BIND TSIG Badtime Query Denial of Service
Disclosure Date: 2020-05-19
First seen: 2020-05-26
auxiliary/dos/dns/bind_tsig_badtime
A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c.
Authors:
- Tobias Klein
- Shuto Imai

BIND TSIG Query Denial of Service
Disclosure Date: 2016-09-27
First seen: 2020-04-26
auxiliary/dos/dns/bind_tsig
A defect in the rendering of messages into packets can cause named to exit with an assertion failure in buffer.c while constructing a response to a query that meets certain criteria. This assertion can be triggered even if the apparent source address isn't allowed to make queries.
Authors:
- Martin Rocha
- Ezequiel Tavella
- Alejandro Parodi
- Infobyte Research Team

BIND TKEY Query Denial of Service
Disclosure Date: 2015-07-28
First seen: 2020-04-26
auxiliary/dos/dns/bind_tkey
This module sends a malformed TKEY query, which exploits an error in handling TKEY queries on affected BIND9 'named' DNS servers. As a result, a vulnerable named server will exit with a REQUIRE assertion failure. This condition can be exploited in BIND versions 9.1.0 through 9.8.x, 9.9.0 through 9.9.7-P1 and 9.10.0 through 9.10.2-P2.
Authors:
- Jonathan Foote
- throwawayokejxqbbif
- wvu <wvu@metasploit.com>

DNS BailiWicked Host Attack
Disclosure Date: 2008-07-21
First seen: 2020-04-26
auxiliary/spoof/dns/bailiwicked_host
This exploit attacks a fairly ubiquitous flaw in DNS implementations which Dan Kaminsky found and disclosed ~Jul 2008. This exploit caches a single malicious host entry into the target nameserver by sending random hostname queries to the target DNS server coupled with spoofed replies to those queries from the authoritative nameservers for that domain. Eventually, a guessed ID will match, the spoofed packet will get accepted, and, due to the additional hostname entry being within bailiwick constraints of the original request, the malicious host entry will get cached.
Authors:
- I)ruid <druid@caughq.org>
- hdm <x@hdm.io>

DNS BailiWicked Domain Attack
Disclosure Date: 2008-07-21
First seen: 2020-04-26
auxiliary/spoof/dns/bailiwicked_domain
This exploit attacks a fairly ubiquitous flaw in DNS implementations which Dan Kaminsky found and disclosed ~Jul 2008. This exploit replaces the target domain's nameserver entries in a vulnerable DNS cache server. This attack works by sending random hostname queries to the target DNS server coupled with spoofed replies to those queries from the authoritative nameservers for that domain. Eventually, a guessed ID will match, the spoofed packet will get accepted, and the nameserver entries for the target domain will be replaced by the server specified in the NEWDNS option of this exploit.
Authors:
- I)ruid <druid@caughq.org>
- hdm <x@hdm.io>
- Cedric Blancher <sid@rstack.org>

DNS Amplification Scanner
First seen: 2020-04-26
auxiliary/scanner/dns/dns_amp
This module can be used to discover DNS servers that expose recursive name lookups, which can be used in an amplification attack against a third party.
Authors:
- xistence <xistence@0x90.nl>

ISC DHCP Zero Length ClientID Denial of Service Module
First seen: 2020-04-26
auxiliary/dos/dhcp/isc_dhcpd_clientid
This module performs a Denial of Service attack against the ISC DHCP server, versions 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1. It sends out a DHCP Request message with a 0-length client_id option for an IP address on the appropriate range for the DHCP server. When ISC DHCP Server tries to hash this value it exits abnormally.
Authors:
- sid
- theLightCosine <theLightCosine@metasploit.com>

7 Metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.