A deep look at CVE-2015-5477 and how CloudFlare Virtual DNS customers are protected
Blog post from Cloudflare
A critical remotely exploitable vulnerability was discovered in BIND9 DNS server that could cause a crash with a single packet. The mistake in handling of queries for the TKEY type causes an assertion to fail, leading to a server crash. Since the exploit packet is now public, it's crucial to investigate and understand the vulnerable code. The patch for this vulnerability involves adding name = NULL before the second call to dns_message_findname in dns_tkey_processquery function. Virtual DNS customers have always been protected from this attack even if they run BIND as RRDNS, CloudFlare's custom Go DNS server, validates incoming packets and strips them down to the most simple form possible before relaying them.
No tracked trend matches for this post yet.
Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.