lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Feb 2020 12:37:45 +0100 From: Thierry Zoller <thierry@...ler.lu> To: fulldisclosure@...lists.org, bugtraq@...urityfocus.com Subject: [TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed Archive Bypass ________________________________________________________________________ From the lets-try-it-this-way Department Qihoo360 | GDATA | Rising | Webroot | Dr Web Generic Archive Bypass ________________________________________________________________________ Release mode : Vendors do not react / Reverse Coordination Attempt Ref : [TZO-22-2020] - Qihoo360, GDATA, Escan, Rising, Command, K7 Computing, Ahnlab, Dr. Web, Webroot Status : Unpatched Dislosure Policy: https://caravelahq.com/b/policy/20949 1. Summary ========== Deviating from my Disclosure policy : Situations where the time it takes to discover a vulnerability is inferior to the time spend to coordinate it call for a new way to approach vulnerability coordination. I call it reverse coordination. As these are mostly low risk findings I personally do not have any issues with proceeding that way. 2. Description ============== Qihoo360, GDATA, Escan, Rising, Command, K7 Computing, Ahnlab, Dr. Web, Webroot 3. Coordination =============== Unless Qihoo, respectively GDATA, Escan, Rising, Command, K7 Computing, Ahnlab, Dr. Web, Webroot get into touch within the next 21 days, I will proceed to publish the vulnerabilities on this very list without any further communication attempt. Many attempts have been made.
Powered by blists - more mailing lists