Post #AsioSp0Jf7OA3mcYhU by [email protected]
0 likes, 0 repeats
Ivanti CVE-2025-22457 is being exploited ITW. https://forums.ivanti.com/s/articl…
Post #AsioSp87C7cwRyGmrA by [email protected]
0 likes, 1 repeats
@wdormann Ah yes, the Ivanti "factory reset".
Post #AsiswJbjMFdHBoRMX2 by [email protected]
0 likes, 0 repeats
Given that the web server on an ICS runs as the limited nr user, both the Ivant…
Post #AsiswJi6yWjjVbQSTg by [email protected]
0 likes, 1 repeats
Now, regarding the "silent fix" of CVE-2025-22457, which per Ivanti: T…
Post #Asit1VREnaZ9KW0Wsi by [email protected]
0 likes, 1 repeats
@wdormann omfg
Post #Asl8YwMXbSla1E8CWG by [email protected]
0 likes, 1 repeats
And per the excellent folks at watchTowr, we can see what the vulnerability is:…
Post #Asl96nmK1dZtF1KvcO by [email protected]
0 likes, 1 repeats
If I look closer at the difference between the vulnerable version and the "…
Post #AstYorfSygxIAFuu0m by [email protected]
0 likes, 0 repeats
If we poke around with various sizes/contents of the buffer that we send, we ca…
Post #AstYorlqay3kU2tzxQ by [email protected]
0 likes, 1 repeats
@wdormann can you do a partial overwrite to replace the first, second, or third…
Post #AstZ8Xs4I7wEYdCC24 by [email protected]
0 likes, 1 repeats
@iagox86 Yeah, I can do an overwrite of the last two bytes of the return addres…
Post #Aszqa2rC3hv6e9FEmG by [email protected]
0 likes, 0 repeats
Rapid7 has provided details and a PoC for how to exploit this: https://attackerk…
Post #Aszqa2zLZORT3R3kUC by [email protected]
0 likes, 0 repeats
FWIW, I cannot reproduce the Rapid7 PoC. Per the R7 write-up, they can get arou…
Post #Aszqa35jBfXvNE2qQq by [email protected]
0 likes, 1 repeats
Why am I seeing a difference with my heap allocation addresses vs. what Stephen…
Post #Aszqa3BkpGMnfurepE by [email protected]
0 likes, 1 repeats
@wdormann Hey thanks for this! Stephen's out of office for the next couple …
Post #AszsfhlTakyosNOgSW by [email protected]
0 likes, 1 repeats
@catc0n I've been DM'ing with him on the Bad Site. So I think we're…
Post #At1cx4PlQKbH5zQ5BY by [email protected]
0 likes, 0 repeats
Upon further investigation, because that's how I am, I've confirmed tha…
Post #At1cx4WqzyGtRyjkEi by [email protected]
0 likes, 1 repeats
Well this is hilarious. When looking closer at Stephen's screenshot, I noti…
Post #At1fpMY8PjOCt0Lque by [email protected]
0 likes, 1 repeats
@catc0n With some info from him and some troubleshooting on my end, I figured i…
Post #At1iNHZPdL3JCHFcjg by [email protected]
0 likes, 1 repeats
@wdormann computering is hard
Post #At1ic68aQEeE5Clg0m by [email protected]
0 likes, 1 repeats
@catc0n Nobody knows how they work. N O B O D Y
Post #At1isj7VFnNpcPBrxg by [email protected]
0 likes, 0 repeats
@wdormann Reminds me of this particular moment for me (tl;dr is: imagine someon…
Post #At1isjFelTuC1h0Nfc by [email protected]
0 likes, 0 repeats
@wdormann "NOTE THIS WELL! DO NOT REMOVE THIS EMPTY SUBROUTINE! On 2024-12-…
Post #At1isjMOMRIEMa9lAW by [email protected]
0 likes, 0 repeats
@wdormann "This determined that the program counter had somehow been trans…
Post #At1isjTpulFQjfdhlw by [email protected]
0 likes, 0 repeats
@wdormann "Not to be deterred, I decided that given the code had never bee…
Post #At1isjaZVidT4Yn5Gq by [email protected]
0 likes, 0 repeats
@wdormann "Be that as it may, I didn't want to so rashly abandon my fi…
Post #At1isjhJ6g1VPRwSlk by [email protected]
0 likes, 0 repeats
@wdormann "Now, with further investigation, we understand more clearly tha…
Post #At1isjnKkGqNi8lHA8 by [email protected]
0 likes, 1 repeats
@somebody Obviously.
Post #At1jyt8L2L4CMm5Cym by [email protected]
0 likes, 0 repeats
@wdormann
Post #At1jytEMfvt4fSu1NA by [email protected]
0 likes, 1 repeats
@pauliehedron So true...
Post #At5h9yHkhSzoIdv3Mu by [email protected]
0 likes, 1 repeats
As I dig deeper into this mystery, I've discovered that I'm (as expecte…