Aug. 14, 2023, 2:58 p.m. | Evan Grant

Tenable Research Advisories www.tenable.com

Unauthenticated Stack Buffer Overflows in Ivanti Avalanche

A researcher at Tenable discovered multiple stack-based buffer overflows in Ivanti Avalanche WLAvalancheService.exe v6.4.0.0.


A message sent to WLAvalancheService.exe on TCP port 1777 has the following structure:



// be = big-endian
struct item
{
   be32 type;  // data type, valid: 1-9, 100-102 
   be32 NameSize;
   be32 ValueSize;
   byte name[NameSize];
   byte value[ValueSize];  // format depends on @type
                           // 3 - hex string
                           // 9 - list of decimal strings separated by ;
};

// header …
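
NameSize and ValueSize in the item layout above are sender-controlled, so a receiver has to check both against the bytes actually received and against its own buffer limits before using them. The following bounds-checked parser for a single item is an added example, not code from Tenable or Ivanti; `struct item_view`, `parse_item` and the two size caps are assumptions, and the truncated header is not handled.

```c
#include <stdint.h>
#include <stddef.h>

/* Assumed caps for this example; the advisory does not state real limits. */
#define MAX_NAME_SIZE  256u
#define MAX_VALUE_SIZE 4096u

struct item_view {
    uint32_t type, name_size, value_size;
    const uint8_t *name;   /* points into caller's buffer, not NUL-terminated */
    const uint8_t *value;
};

static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Valid types per the struct comment: 1-9 and 100-102. */
static int item_type_valid(uint32_t t)
{
    return (t >= 1 && t <= 9) || (t >= 100 && t <= 102);
}

/* Parse one item from buf[0..len). Returns bytes consumed, or -1 on reject. */
long parse_item(const uint8_t *buf, size_t len, struct item_view *out)
{
    if (buf == NULL || out == NULL || len < 12)
        return -1;                      /* fixed 12-byte prefix missing */
    uint32_t type = read_be32(buf);
    uint32_t nsz  = read_be32(buf + 4);
    uint32_t vsz  = read_be32(buf + 8);
    if (!item_type_valid(type))
        return -1;
    if (nsz > MAX_NAME_SIZE || vsz > MAX_VALUE_SIZE)
        return -1;                      /* cap before any arithmetic or copy */
    size_t remaining = len - 12;
    if (nsz > remaining || vsz > remaining - nsz)
        return -1;                      /* declared sizes exceed received bytes */
    out->type = type;
    out->name_size = nsz;
    out->value_size = vsz;
    out->name = buf + 12;
    out->value = buf + 12 + nsz;
    return (long)(12 + nsz + vsz);
}
```

The parser returns views into the received buffer instead of copying, so any later copy into a fixed-size buffer still needs its own check against `name_size` or `value_size`.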
