#1634 Inquiry on issue found in TightVNC regarding #1629 (VN: JVNVU#91386313 / TN: JPCERT#99264152)

open
Anton
Security (1)
5
2024-06-24
2024-06-24
No
Dear TightVNC support team,

Hello. This is Noriko Totsuka from JPCERT/CC Vulnerability
Coordination Group. We contacted you <support@glavsoft.com>
on June 7 (Fri) JST (UTC+09:00) and June 17 to ask for an appropriate
point of contact to communicate/coordinate for #1629
(https://sourceforge.net/p/vnc-tight/bugs/1629/).
But unfortunately, we have not received a reply.

We have received a report describing an issue found in the product
"TightVNC" from Masahiro Kawada of GMO Cybersecurity by Ierae, Inc.

Before submitting the report to us, he had contacted you via SourceForge,
#1629, and reported/communicated/coordinated the case already, and
the "Remotely accessible TightVNC password" issue had
already been fixed and the updated version (TightVNC 2.8.84) has been released.

He submitted a report to us requesting the publication on
JVN (https://jvn.jp/en/) with CVE assigned to the issue.
We created the JVN advisory draft and attached it to this post for your review.
It is greatly appreciated if you would review it and return to us with any 
feedback/comments you may have. If you have a CVE ID for this issue, 
please let us know it in advance.

We are planning to publish the advisory on JVN at our timing, 
once we get the reply from you and everything is set and ready.

If you're not familiar with us or our activities, please
check "About us" at the end of this email for more information.

Masahiro Kawada provided us your point-of-contact email address
<support@glavsoft.com> to further communicate/coordinate
with you for the JVN publication. If this is not the correct address, 
we would like to know the appropriate point-of-contact person,
or department/group/team to communicate on this issue.
It would be greatly appreciated if you could provide us the following
information at your earliest convenience.

 -Name of the persons/team who is in charge of such issues
  *Please assign at least 2 persons (primary and backup).
   If you have a division/team to handle such issue,
   please provide us a name of division/team.

 -Email address
  *Please provide us email addresses of the primary person
   and backup person.
   If you have a division/team, please provide us a group-mail
   address.

 -PGP key if available

About us:
We are working as a vulnerability information coordinator between
the reporters and the software vendors relevant to the reports.
Our activities are based on the vulnerability handling framework
called "Information Security Early Warning Partnership" and "Heisei
era 29 #19 Ministry of Economy, Trade and Industry (METI) Official
Announcement, Software Vulnerability Related Information Handling
Measures".
Please check the following websites for more information.
  https://www.jpcert.or.jp/english/
  https://www.jpcert.or.jp/english/vh/project.html
  https://www.ipa.go.jp/security/guide/vuln/ug65p90000019by0-att/000059696.pdf
  https://jvn.jp/en/

If you have any questions or concerns, please do not hesitate
to contact us any time.

Thank you in advance for your attention to this email.
We would very much appreciate your prompt reply.

Sincerely yours,

Noriko Totsuka
Vulnerability Coordination Group
======================================================================
JPCERT Coordination Center (JPCERT/CC)
EMAIL: vuls@jpcert.or.jp
PGP key: 0xF652B38B: 9C3D 85CA 8E9E F820 9805  C9EF 4262 4548 F652 B38B
https://www.jpcert.or.jp/english/
1 Attachments
