lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <ee228eda-764a-5c33-0c61-db89543a3ee7@zoller.lu>
Date: Mon, 24 Feb 2020 12:37:45 +0100
From: Thierry Zoller <thierry@...ler.lu>
To: fulldisclosure@...lists.org, bugtraq@...urityfocus.com
Subject: [FD] [TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic
 Malformed Archive Bypass

________________________________________________________________________

            From the lets-try-it-this-way Department
Qihoo360 | GDATA | Rising | Webroot | Dr Web  Generic Archive Bypass
________________________________________________________________________

Release mode    : Vendors do not react / Reverse Coordination Attempt
Ref             : [TZO-22-2020] - Qihoo360, GDATA, Escan, Rising, 
Command, K7 Computing, Ahnlab, Dr. Web, Webroot
Status          : Unpatched
Dislosure Policy: https://caravelahq.com/b/policy/20949

1. Summary
==========
Deviating from my Disclosure policy : Situations where the time it takes 
to discover a vulnerability is inferior to the time spend to coordinate 
it call for a new way to approach vulnerability coordination. I call it 
reverse coordination. As these are mostly low risk findings I personally 
do not have any issues with proceeding that way.

2. Description
==============
Qihoo360, GDATA, Escan, Rising, Command, K7 Computing, Ahnlab, Dr. Web, 
Webroot

3. Coordination
===============
Unless Qihoo, respectively GDATA, Escan, Rising, Command, K7 Computing, 
Ahnlab, Dr. Web, Webroot get into touch within the next 21 days, I will 
proceed to publish the vulnerabilities on this very list without any 
further communication attempt. Many attempts have been made.




_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ