| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ee228eda-764a-5c33-0c61-db89543a3ee7@zoller.lu>
Date: Mon, 24 Feb 2020 12:37:45 +0100
From: Thierry Zoller <thierry@...ler.lu>
To: fulldisclosure@...lists.org, bugtraq@...urityfocus.com
Subject: [TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed
Archive Bypass
________________________________________________________________________
From the lets-try-it-this-way Department
Qihoo360 | GDATA | Rising | Webroot | Dr Web Generic Archive Bypass
________________________________________________________________________
Release mode : Vendors do not react / Reverse Coordination Attempt
Ref : [TZO-22-2020] - Qihoo360, GDATA, Escan, Rising,
Command, K7 Computing, Ahnlab, Dr. Web, Webroot
Status : Unpatched
Dislosure Policy: https://caravelahq.com/b/policy/20949
1. Summary
==========
Deviating from my Disclosure policy : Situations where the time it takes
to discover a vulnerability is inferior to the time spend to coordinate
it call for a new way to approach vulnerability coordination. I call it
reverse coordination. As these are mostly low risk findings I personally
do not have any issues with proceeding that way.
2. Description
==============
Qihoo360, GDATA, Escan, Rising, Command, K7 Computing, Ahnlab, Dr. Web,
Webroot
3. Coordination
===============
Unless Qihoo, respectively GDATA, Escan, Rising, Command, K7 Computing,
Ahnlab, Dr. Web, Webroot get into touch within the next 21 days, I will
proceed to publish the vulnerabilities on this very list without any
further communication attempt. Many attempts have been made.
Powered by blists - more mailing lists