[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Lynx-dev] FW: iDEFENSE Security Advisory [IDEF1089] Multiple Vendor Lyn
|
From: |
vendor-disclosure |
|
Subject: |
[Lynx-dev] FW: iDEFENSE Security Advisory [IDEF1089] Multiple Vendor Lynx Command Injection Vulnerability |
|
Date: |
Fri, 28 Oct 2005 13:06:00 -0500 |
Thomas,
Thank you for responding. Please let us know how you'd like to proceed.
Michael
-----Original Message-----
From: vendor-disclosure [mailto:address@hidden
Sent: Thursday, October 27, 2005 1:53 PM
To: address@hidden
Cc: vendor-disclosure
Subject: FW: iDEFENSE Security Advisory [IDEF1089] Multiple Vendor Lynx
Command Injection Vulnerability
The attached advisory and email was originally submitted on 09/08/2005, but
a response has not yet been received. In accordance with our vendor
disclosure policy (http://www.idefense.com/legal_disclosure.jsp) we will
proceed with public disclosure of this issue if acknowledgement of receipt
is not received within five business days.
Regards,
Michael Sutton
Michael Sutton
Director, iDEFENSE Labs
iDEFENSE
1875 Campus Commons Drive, Suite 210
Reston, VA 20191
direct: 703.480.5628
voice: 703.390.1230
fax: 703.390.9456
address@hidden
www.idefense.com
-----Original Message-----
From: vendor-disclosure [mailto:address@hidden
Sent: Thursday, September 08, 2005 11:50 PM
To: address@hidden
Cc: vendor-disclosure
Subject: FW: iDEFENSE Security Advisory [IDEF1089] Multiple Vendor Lynx
Command Injection Vulnerability
The message below bounced.
-----Original Message-----
From: vendor-disclosure [mailto:address@hidden
Sent: Thursday, September 08, 2005 11:27 PM
To: address@hidden
Cc: vendor-disclosure
Subject: iDEFENSE Security Advisory [IDEF1089] Multiple Vendor Lynx Command
Injection Vulnerability
iDEFENSE has identified a Command Injection vulnerability in Lynx. This
vulnerability was submitted to iDEFENSE through our Vulnerability
Contributor Program:
http://www.idefense.com/poi/teams/vcp.jsp
iDEFENSE Labs has validated this vulnerability and has drafted the
attached advisory. In accordance with our vendor disclosure policy
http://www.idefense.com/legal_disclosure.jsp
We would request that you acknowledge receipt of this initial
notification within five business days so that we may begin the process
of coordinating an appropriate public disclosure date for this issue
that will provide your company with adequate time to develop a patch or
workaround to mitigate this vulnerability. If you have questions
regarding this issue or require further details to assist with your own
analysis, please do not hesitate to contact us.
It is always our goal to coordinate on the public disclosure of
patches/advisories as quickly as possible after a vulnerability is
discovered. If however a reasonable timeframe cannot be agreed upon for
this issue, it will be publicly released in 60 days on 11/08/2005.
iDEFENSE is willing to work with a vendor to find a mutually agreeable
release date beyond this timeframe so long as the vendor continues to
make good faith efforts to produce patches in a timely fashion and
regularly informs iDEFENSE of their progress in doing so.
Please note that if the affected product is included within other
applications and/or operating systems, iDEFENSE will not be coordinating
disclosure of the vulnerability to affected third parties. We would ask
that you handle this coordination separately.
Regards,
Michael Sutton
Michael Sutton
Director, iDEFENSE Labs
iDEFENSE
1875 Campus Commons Drive, Suite 210
Reston, VA 20191
direct: 703.480.5628
voice: 703.390.1230
fax: 703.390.9456
address@hidden
www.idefense.com
pub_Multiple Vendor Lynx Command Injection Vulnerability.txt
Description: Text document
- [Lynx-dev] FW: iDEFENSE Security Advisory [IDEF1089] Multiple Vendor Lynx Command Injection Vulnerability,
vendor-disclosure <=