Vulnerability Description
DNS Zone Transfer configured with "allow-transfer { any; };" allowed unrestricted zone transfers. This exposed sensitive details like hostnames, network structure, and system data that attackers could use for reconnaissance and further attacks.
id: dns-zone-transfer-any

info:
  name: DNS Zone Transfer Allowed to Any Host
  author: songyaeji
  severity: high
  description: |
    DNS Zone Transfer configured with "allow-transfer { any; };" allowed unrestricted zone transfers. This exposed sensitive details like hostnames, network structure, and system data that attackers could use for reconnaissance and further attacks.
  reference:
    - https://isms.kisa.or.kr
  tags: linux,local,kisa,audit,compliance

self-contained: true

code:
  - engine:
      - bash
    source: |
      grep -E 'allow-transfer' /etc/named.conf 2>/dev/null || echo "no-allow-transfer"

    matchers:
      - type: regex
        part: code_1_response
        regex:
          - 'allow-transfer\s*\{\s*any;\s*\}'
# digest: 490a00463044022037476af6ea98c17d43d75d3cb57874705aeba154fd8e7ef8859748eafab0ebf702200a0d472b83fe677c4c703d4b82307a6c8b65f57418c549a3ad46b6cc13547206:922c64590222798bb761d5b6d8e72950
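The template above greps a single raw line, so it misses an "any" that is not the first list element and fires on a commented-out directive. The following is an added example, not part of the template or of the KISA audit material, that strips comments before matching and classifies the file as "any", "restricted" or "absent"; the sample configurations it writes to a temporary directory are constructed for the demonstration.

```shell
# Usage: check_allow_transfer FILE
# Prints "any" if some allow-transfer clause permits every host, "restricted"
# if clauses exist but none do, "absent" if the directive never appears, or
# "unreadable" if the file cannot be read.
check_allow_transfer() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    # Remove // and # line comments, join lines, then drop /* ... */ block
    # comments (block comments that themselves contain '*' are not handled).
    clean=$(sed -e 's://.*$::' -e 's:#.*$::' "$conf" | tr '\n' ' ' |
            sed -e 's:/\*[^*]*\*/::g')
    # "any" must be a whole list element: preceded by '{', ';' or whitespace
    # and followed by ';', so "company;" or "any_acl;" do not match.
    if printf '%s' "$clean" |
       grep -qE 'allow-transfer[[:space:]]*\{([^}]*[;[:space:]])?any[[:space:]]*;'; then
        echo "any"
    elif printf '%s' "$clean" | grep -qE 'allow-transfer[[:space:]]*\{'; then
        echo "restricted"
    else
        echo "absent"
    fi
}

# Write three constructed sample configurations into a temp directory and
# print its path: one weak, one hardened, one with no directive at all.
make_sample_configs() {
    d=$(mktemp -d)
    printf 'options {\n    directory "/var/named";\n    allow-transfer { any; };\n};\n' \
        > "$d/weak.conf"
    printf 'options {\n    // allow-transfer { any; };  old setting, commented out\n    allow-transfer { 192.0.2.53; 2001:db8::53; };\n};\nzone "example.test" {\n    type master;\n    allow-transfer { none; };\n};\n' \
        > "$d/hardened.conf"
    printf 'options {\n    directory "/var/named";\n};\n' > "$d/absent.conf"
    echo "$d"
}

# Stand-alone run: report the classification of each sample file.
d=$(make_sample_configs)
for f in weak hardened absent; do
    printf '%s: %s\n' "$f" "$(check_allow_transfer "$d/$f.conf")"
done
```

An "absent" result is not a pass: with no allow-transfer directive the daemon's built-in default governs transfers, and older BIND releases defaulted to allowing any host, so that case still needs a manual check of the installed version.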