Re: [FD] BitDefender Total Security 2018 - Insecure Pipe Permissions

2018-03-13 Thread Alex BALAN
Hello,

Allow me to fix this for you:

> On 6 Mar 2018, at 20:04, filipe  wrote:
> 
> =[ Timeline of disclosure ]===
> 
> 01/24/2018 - Vendor was informed of the vulnerability.
> 01/29/2018 - Vendor did not respond.

01/25/2018 - We replied notifying you that we’ve opened a ticket with the 
relevant team
01/26/2018 - We asked for a working PoC
01/31/2018 - You replied with a theoretical “PoC” (no code, just a few steps 
which didn’t really help, sadly)
02/01/2018 - We replied asking for a script, a piece of code, a video, anything 
that backs up your claim since we didn’t reproduce it based on the steps you 
provided.
02/12/2018 - We notified you that we closed the ticket since you stopped 
replying

> 01/24/2018 - CVE assigned [2]
> 03/06/2018 - Advisory publication date.

We take our bug bounty programs very seriously and other than some Nigerian 
princes and fake LinkedIn invites we reply to _all_ reports, valid, invalid or 
incredibly ridiculous alike. As such, you may imagine why, when we saw an 
advisory with our name saying “Vendor did not respond”, the team felt a bit 
disappointed for failing to reply for the first time in a few years. Thankfully 
this was not the case.

If you still believe this is a genuine issue, exploitable in real life and you 
have some evidence to back that up, let us know and we’ll gladly reopen the 
ticket.

Cheers,
—
Alex “Jay” BALAN
Chief Security Researcher
Bitdefender



___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

[FD] BitDefender Total Security 2018 - Insecure Pipe Permissions

2018-03-09 Thread filipe
=[ Tempest Security Intelligence - ADV-19/2018 ]===

BitDefender Total Security 2018 - Insecure Pipe Permissions
---
Author:
- Filipe Xavier Oliveira: https://www.bitdefender.com.br/
[2] - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6183
[3] - http://www.tempest.com.br/

-- 
Filipe Oliveira
Tempest Security Intelligence

