[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Trying to send mail to Broadcom

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Trying to send mail to Broadcom
From: Tony Naggs <tonynaggs@xxxxxxxxx>
Date: Mon, 27 May 2013 09:55:05 +0100

On 3 May 2013 23:22, Jann Horn <jann@xxxxxxxxx> wrote:
> So, I found a vuln for overwriting kernel memory in kernel code by Broadcom 
> for the
> Raspberry Pi (afaik not in the official kernel sources, just in the patched
> kernel sources for the raspberry pi). It requires you to be in the "video" 
> group,
> so it's not very interesting, I think, but I thought, hey, before you share 
> your
> PoC for causing a kerneloops with FD, maybe you should contact Broadcom and 
> tell
> them so they have a chance to write a fix!

If you didn't make any progress with contacting Broadcom in the
meantime I have a couple of suggestions ...

1. The security@ mailbox gets to the right people at some companies.

2. The main guy behind Rasberry Pi, Eben Upton, works at Broadcom, so
you could ask them for advice on reporting the issue.

Cheers,
Tony

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Trying to send mail to Broadcom
  - From: Jann Horn

Prev by Date: [Full-disclosure] PayPal Bug Bounty #78 FR - Remote SQL Injection Vulnerability
Next by Date: [Full-disclosure] DC4420 - London DEFCON - May meet - Tuesday 28th May 2013
Previous by thread: [Full-disclosure] Trying to send mail to Broadcom
Next by thread: [Full-disclosure] Vulnerability in Microsoft Security Essentials <v4.2
Index(es):
- Date
- Thread