Re: BitDefender Total Security 2018 - Insecure Pipe Permissions

[Alex BALAN <abalan () bitdefender com>]

Hello,

Allow me to fix this for you:

> On 6 Mar 2018, at 20:04, filipe <filipe.xavier () tempest com br> wrote:
>
> =====[ Timeline of disclosure
> ]===============================================
>
> 01/24/2018 - Vendor was informed of the vulnerability.
> 01/29/2018 - Vendor did not respond.

01/25/2018 - We replied notifying you that we’ve opened a ticked with the relevant team
01/26/2018 - We asked for a working PoC
01/31/2018 - You replied with a theoretical “PoC” (no code, just a few steps which didn’t really help, sadly)
02/01/2018 - We replied asking for a script, a piece of code, a video, anything that backs up your claim since we 
didn’t reproduce it based on the steps you provided.
02/12/2018 - We notified you that we closed the ticket since you stopped replying

> 01/24/2018 - CVE assigned [2]
> 03/06/2018 - Advisory publication date.

We take our bugbounty programs very seriously and other than some Nigerian princes and fake LinkedIn invites we reply 
to _all_ reports, valid, invalid or incredibly ridiculous alike. As such, you may imagine why, when we saw an advisory 
with our name saying “Vendor did not respond”, the team felt a bit disappointed for failing to reply for the first time 
in a few years. Thankfully this was not the case.

If you still believe this is a genuine issue, exploitable in real life and you have some evidence to back that up, let 
us know and we’ll gladly reopen the ticket.

Cheers,
—
Alex “Jay” BALAN
Chief Security Researcher
Bitdefender

Attachment: signature.asc
Description: Message signed with OpenPGP

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/