[dns-operations] Please issue CVEs for servers that BADVERS/FORMERR for Unknown EDNS options.
pieter.lexis at powerdns.com
Tue Feb 14 11:24:12 UTC 2017
On Tue, 14 Feb 2017 12:58:10 +1100
Mark Andrews <marka at isc.org> wrote:
> Servers with these behaviours are causing interop issues.
Mitre describes CVE's as "Common Vulnerabilities and Exposures (CVE®) is a dictionary of common names (i.e., CVE Identifiers) for publicly known cybersecurity vulnerabilities".
The desire to get these bad implementations off the internet, bad interop is not a security issue by itself and I don't believe CVE's will be issued for these issues.
The dns-violations initiative, combined with informing vendors, users and operators might be only way to do this.
1 - https://cve.mitre.org/about/
More information about the dns-operations