lynx-dev

Re: [Lynx-dev] RE: FW: iDEFENSE Security Advisory [IDEF1089] Multiple Ve


From: Ulf Harnhammar
Subject: Re: [Lynx-dev] RE: FW: iDEFENSE Security Advisory [IDEF1089] Multiple Vendor Lynx Command Injection Vulnerability
Date: Mon, 31 Oct 2005 09:53:45 +0100

> Well it is clearly the same person who made the September reports,

I have nothing to do with the iDEFENSE/vade79 bug.

> which did not discuss nntp or command execution. Seems he didn't 
> bother to report his further findings to the list: it is not like 
> we were hard to find back in September.

I reported the NULL dereferencing bug and not security-related buffer overflows 
(with data from configuration files like lynx.cfg) in public in September, as I 
saw them as bugs and not as security vulnerabilities.

The NNTP bug in October was treated as a secret, with communication between the 
vendor and various distributors first, as I saw it as a vulnerability and as I 
and the others from the Debian Security Audit Project believe in responsible 
full disclosure.

Perhaps I should have posted something here about the NNTP bug when it was made 
public on the 17th.

// Ulf Harnhammar


