Ancestors

Written by Will Dormann on 2025-01-08 at 18:06

And here we have it.

CVE-2025-0282 and CVE-2025-0283

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283

CVE-2025-0282 (CVSS 9.0 stack buffer overflow) is being exploited in the wild.


Written by Will Dormann on 2025-01-08 at 18:41

Without even knowing the details of the exploit, can we make some guesses about the feasibility of such attacks?

The vulnerability is a stack buffer overflow. What are the chances of being able to successfully exploit such bugs without needing to chain with a second bug? You know, since ASLR has been around on the Linux platform for about 20 years now.

Let's look at just the binaries in /home/bin on a recent Ivanti ICS device.

11 out of 241 executables have PIE enabled, and therefore are randomized with ASLR.

A job done, folks.

=> View attached media

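
One way to make the PIE count above reproducible on any extracted firmware or disk image (an added example, not code from the thread or from Ivanti): a small Python scanner that reads the ELF header and program headers directly, so it needs no readelf or checksec on the analysis box. It reports whether each executable is ET_DYN (position-independent, so ASLR can relocate it) or ET_EXEC (fixed load address), and whether PT_GNU_STACK requests an executable stack. The /home/bin path is the one named in the toot; the sample images built by demo() are constructed here for illustration and are not loadable binaries.

```python
"""Tally PIE and executable-stack status of ELF executables under a directory.

Added example for the thread above; it parses only the ELF header fields it
needs and does not depend on binutils being installed.
"""
import os
import struct
import tempfile
from dataclasses import dataclass
from typing import Optional

ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3          # fixed-address executable / position-independent
PT_GNU_STACK = 0x6474E551       # program header the linker uses to request stack perms
PF_X = 0x1


@dataclass
class ElfInfo:
    path: str
    bits: int
    pie: bool
    exec_stack: Optional[bool]  # None: no PT_GNU_STACK, so the kernel default applies


def parse_elf(data: bytes, path: str = "<memory>") -> ElfInfo:
    """Parse an ELF image; raises ValueError if it is not an ELF executable."""
    if data[:4] != ELF_MAGIC:
        raise ValueError(f"{path}: not an ELF file")
    bits = 64 if data[4] == 2 else 32
    end = "<" if data[5] == 1 else ">"
    # e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum (e_entry/e_phoff/e_shoff are 8 bytes on ELF64)
    fmt = end + ("HHIQQQIHHH" if bits == 64 else "HHIIIIIHHH")
    (e_type, _, _, _, e_phoff, _, _, _, e_phentsize, e_phnum) = struct.unpack_from(fmt, data, 16)
    if e_type not in (ET_EXEC, ET_DYN):
        raise ValueError(f"{path}: not an executable or shared object (e_type={e_type})")

    exec_stack = None
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if bits == 64:                       # Elf64_Phdr: p_type, p_flags, ...
            p_type, p_flags = struct.unpack_from(end + "II", data, off)
        else:                                # Elf32_Phdr: p_type at 0, p_flags at 24
            p_type = struct.unpack_from(end + "I", data, off)[0]
            p_flags = struct.unpack_from(end + "I", data, off + 24)[0]
        if p_type == PT_GNU_STACK:
            exec_stack = bool(p_flags & PF_X)
            break
    return ElfInfo(path, bits, pie=(e_type == ET_DYN), exec_stack=exec_stack)


def scan_dir(root: str) -> dict:
    """Walk a directory (e.g. /home/bin from an unpacked ICS image) and tally results."""
    summary = {"total": 0, "pie": 0, "exec_stack": 0, "non_elf": 0}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            with open(path, "rb") as fh:
                data = fh.read()
            try:
                info = parse_elf(data, path)
            except (ValueError, struct.error):
                summary["non_elf"] += 1
                continue
            summary["total"] += 1
            summary["pie"] += int(info.pie)
            summary["exec_stack"] += int(info.exec_stack is True)
    return summary


def build_elf(e_type: int, stack_flags: Optional[int], bits: int = 64) -> bytes:
    """Constructed minimal ELF image (header plus one PT_GNU_STACK phdr) for testing only."""
    phnum = 0 if stack_flags is None else 1
    if bits == 64:
        ident = ELF_MAGIC + bytes([2, 1, 1]) + bytes(9)
        hdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0x401000,
                                  64, 0, 0, 64, 56, phnum, 64, 0, 0)
        phdr = b"" if stack_flags is None else struct.pack(
            "<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    else:
        ident = ELF_MAGIC + bytes([1, 1, 1]) + bytes(9)
        hdr = ident + struct.pack("<HHIIIIIHHHHHH", e_type, 3, 1, 0x8048000,
                                  52, 0, 0, 52, 32, phnum, 40, 0, 0)
        phdr = b"" if stack_flags is None else struct.pack(
            "<IIIIIIII", PT_GNU_STACK, 0, 0, 0, 0, 0, stack_flags, 16)
    return hdr + phdr


def demo() -> dict:
    """Populate a temp dir with constructed samples and scan it like a real /home/bin."""
    samples = {
        "legacy_exec": build_elf(ET_EXEC, 0x7),       # fixed address, RWX stack
        "hardened_pie": build_elf(ET_DYN, 0x6),       # PIE, non-executable stack
        "old_32bit": build_elf(ET_EXEC, 0x6, bits=32),
        "README": b"not a binary\n",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, blob in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(blob)
        return scan_dir(d)


if __name__ == "__main__":
    print(demo())
```

Run it against the unpacked filesystem with scan_dir("/path/to/image/home/bin"). Two caveats: ET_DYN only means the binary can be relocated, and it is actually randomized only if the running kernel has randomize_va_space enabled; and shared libraries are ET_DYN too, so point the scanner at executables rather than lib directories when counting PIE.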

Written by Will Dormann on 2025-01-08 at 18:58

As we're pondering software excellence, let's look at how you can tell if your device is compromised.

You ask it, and hope it doesn't lie to you.

Sure, you "can" identify a bank robber by asking them if they robbed a bank. And if they're really bad at what they do, they might say yes.

The Ivanti ICT is the same concept. You ask your maybe-compromised device to pretty please run a scanner, and then tell you the results. This is the official company-sanctioned (and only official) way of checking the integrity of your ICS product.

=> View attached media | View attached media | View attached media


Toot

Written by no brain no pain on 2025-01-08 at 19:05

@wdormann ...shouldn't that read 'might identify' instead of 'can identify'...


Descendants

Written by Will Dormann on 2025-01-08 at 19:06

@nobrainnopain

Yes, that would indeed be more accurate.

But to use those words would require that the vendor acknowledge the flaws in their software. 😂


Original URL
gemini://mastogem.picasoft.net/thread/113794293759500213