Another banger by watchtowr. Openconnect is an open-source VPN client that can be made to pretend its a VPN client for different VPNS, because of course, they all have a unique and serially miserable way of connecting to their special VPN appliance.
One of ivanti's connect methods is IF-T. There is a Client Capabilities field that IF-T supports that, if you provide it with more than 256bytes of data, boom, segfault. Also possible RCE if you can guess the right return addresses without knocking over the stack.
Comments
Displaying 0 of 0 comments