[dns-operations] Please issue CVEs for servers that BADVERS/FORMERR for Unknown EDNS options.
edmonds at mycre.ws
Thu Feb 16 20:54:13 UTC 2017
Pieter Lexis wrote:
> Hi Mark,
> On Tue, 14 Feb 2017 12:58:10 +1100
> Mark Andrews <marka at isc.org> wrote:
> > Servers with these behaviours are causing interop issues.
> Mitre describes CVEs as "Common Vulnerabilities and Exposures (CVE®) is a dictionary of common names (i.e., CVE Identifiers) for publicly known cybersecurity vulnerabilities".
> The desire to get these bad implementations off the internet, bad interop is not a security issue by itself and I don't believe CVEs will be issued for these issues.
> The dns-violations initiative, combined with informing vendors, users and operators might be the only way to do this.
I wonder if firewall/IPS signatures for CVEs from years past could be
causing some of the interop issues seen today.
Though typically for those kinds of signatures you'd expect matched
packets to simply be dropped.