bind9/bin/tests
Petr Špaček 658d2e9f8e
Test that unsolicited NS in positive answer cannot overwrite current NS

Before the fixes for CVE-2025-40778, an unsolicited in-bailiwick NS
record was accepted from a (spoofed) answer, enabling a single spoofed A
query/response to redirect traffic for a whole delegation.

In short, the attacker tries to spoof at least one answer that has the
following form:

    rcode NOERROR
    flags QR AA
    ;QUESTION
    trigger$RANDOM.victim. IN TXT
    ;ANSWER
    trigger$RANDOM.victim. 3600 IN TXT "spoofed answer with extra NS"
    ;AUTHORITY
    victim. 3600 IN NS ns.attacker.
    ;ADDITIONAL

This attack was originally reported as "test case 1".

Co-authored-by: Michał Kępień <michal@isc.org>
2025-12-22 11:58:39 +01:00
startperf Reformat shell scripts with shfmt 2023-10-26 10:23:50 +02:00
system Test that unsolicited NS in positive answer cannot overwrite current NS 2025-12-22 11:58:39 +01:00
testdata/wire move all optional tests from bin/tests to bin/tests/optional 2018-03-09 14:12:47 -08:00
.gitignore Move environment variables from conf.sh to pytest 2024-05-09 17:08:08 +02:00
meson.build replace the build system with meson 2025-06-11 10:30:12 +03:00
test_client.c Add and use global memory context called isc_g_mctx 2025-08-04 11:29:26 +02:00
test_server.c Add and use global memory context called isc_g_mctx 2025-08-04 11:29:26 +02:00