lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <FB24803D1DF2A34FA59FC157B77C970502D68B8F@idserv04.idef.com>
From: labs at iDefense.com (iDefense Labs)
Subject: iDEFENSE Security Advisory 07.12.04: Adobe Reader 6.0 Filename Handler Buffer Overflow Vulnerability

Cary,

The discovery date is a typo and has been corrected on our website:

http://www.idefense.com/application/poi/display?id=116&type=vulnerabilit
ies

The corrected timeline is:

02/02/2004   Exploit discovered by iDEFENSE
03/11/2004   Initial vendor notification
03/11/2004   Initial vendor response
03/11/2004   iDEFENSE clients notified
06/07/2004   Vendor update released
07/12/2004   Public Disclosure

Greg pointed out my error shortly after the advisory was sent.

Regards,

Michael Sutton
Director, iDEFENSE Labs

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Cary Barker
Sent: Monday, July 12, 2004 3:27 PM
To: Full-Disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] iDEFENSE Security Advisory 07.12.04:
Adobe Reader 6.0 Filename Handler Buffer Overflow Vulnerability


<snip>
02/02/2003   Exploit discovered by iDEFENSE
03/11/2004   Initial vendor notification
<snip>

Is that initial notification date a typo or did they sit on it for over
a year before notifying the vendor?

Cary Barker
Network Security Administrator
Campbell & Company, Inc.

-----Original Message-----
From: idlabs-advisories@...fense.com
[mailto:idlabs-advisories@...fense.com] 
Sent: Monday, July 12, 2004 10:50 AM
To: idlabs-advisories@...fense.com
Subject: [Full-Disclosure] iDEFENSE Security Advisory 07.12.04: Adobe
Reader 6.0 Filename Handler Buffer Overflow Vulnerability

<snip>



______________________________________________________________________
Campbell & Company, Inc.:  The information in this e-mail may contain
privileged/confidential information.  If you are not the intended
recipient, you must not read, use, copy or disseminate the information
or take any action in reliance thereupon.  If you have received this
e-mail in error, please notify Campbell & Company, Inc. immediately by
e-mail or telephone and delete the e-mail and any attachments from any
computer.  The information in this e-mail does not constitute an offer
to sell or the solicitation of an offer to buy any securities in any
jurisdiction or for the benefit of any person.  
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ