Date:      Mon, 8 Jul 2024 18:17:47 +0000
From:      "Wall, Stephen" <stephen.wall@redcom.com>
To:        "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject:   RE: CVE 2024 1931 - unbound
Message-ID:  <MW4PR09MB9284452ECA372C772DE769E5EEDA2@MW4PR09MB9284.namprd09.prod.outlook.com>
In-Reply-To: <E85FFAE3-5722-4159-BAE6-91718C7913BC@tetlows.org>
References:  <MW4PR09MB92849E1CFE06CB46D2986DA9EED62@MW4PR09MB9284.namprd09.prod.outlook.com> <86jzi71tjx.fsf@ltc.des.dev> <MW4PR09MB92843F5CB46E4B10DA4F726AEEDD2@MW4PR09MB9284.namprd09.prod.outlook.com> <E85FFAE3-5722-4159-BAE6-91718C7913BC@tetlows.org>


> If the user has messed with the configuration
> of the local_unbound resolver to open it up to the network and get DoS’d from
> the remote network, I don’t feel this is something secteam is responsible for
> responding to.

Thanks, Gordon.

That's a fair point.  Security scanners will still find unbound 1.19.1, though, and report it as vulnerable.  An advisory (or errata?) explaining the situation would make it clear that there is no actual vulnerability in the base system unbound.

Just my $.02, take it or leave it.

-spw
