GNU social JP
GNU social JP is a Japanese GNU social server.

ICS 22.7R2.6 does use a stack canary and Fortify, and has full relro for the web binary.

Download link

https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/275/562/489/795/107/original/21b3dd2357824bab.png

Notices where this attachment appears

  1. Will Dormann (wdormann@infosec.exchange)'s status on Friday, 04-Apr-2025 04:08:51 JST
    in reply to

    Now, regarding the "silent fix" of CVE-2025-22457, which per Ivanti:

    This vulnerability has been remediated in Ivanti Connect Secure 22.7R2.6 (released February 11, 2025)

    That word remediated...

    Careful readers will see that Ivanti didn't fix the vulnerability in 22.7R2.6.

    What changed in 22.7R2.6? With this version, Ivanti compiled some of the ICS binaries with exploit mitigations that have been around for 20 years. And wouldn't you know it, it paid off already? Everybody's gotta learn sometime...

    In conversation about 2 months ago from infosec.exchange permalink
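
How the three mitigations named above (stack canary, Fortify, full RELRO) can be checked on a 64-bit little-endian ELF, as an added example that is not part of the original post. `check_mitigations` and `build_sample` are hypothetical names, the sample ELF is constructed, and the symbol-name checks are heuristics for dynamically linked binaries.

```python
import re
import struct

PT_DYNAMIC, PT_GNU_RELRO = 2, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1
PHDR = "<IIQQQQQQ"  # Elf64_Phdr: type, flags, offset, vaddr, paddr, filesz, memsz, align

def check_mitigations(elf: bytes) -> dict:
    """Report canary, FORTIFY_SOURCE and RELRO status of a 64-bit little-endian ELF."""
    if elf[:4] != b"\x7fELF" or elf[4:6] != b"\x02\x01":
        raise ValueError("expected a 64-bit little-endian ELF")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    relro_segment = bind_now = False
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz, _, _ = struct.unpack_from(PHDR, elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_RELRO:
            relro_segment = True  # relocated data (GOT etc.) is remapped read-only after load
        elif p_type == PT_DYNAMIC:
            for off in range(p_offset, p_offset + p_filesz, 16):
                d_tag, d_val = struct.unpack_from("<qQ", elf, off)
                if d_tag == DT_NULL:
                    break
                # Eager binding resolves every PLT slot at load, so RELRO can cover the whole GOT.
                if (d_tag == DT_BIND_NOW or (d_tag == DT_FLAGS and d_val & DF_BIND_NOW)
                        or (d_tag == DT_FLAGS_1 and d_val & DF_1_NOW)):
                    bind_now = True
    return {
        # Heuristic: imported symbol names appear NUL-terminated in the dynamic string table.
        "canary": b"__stack_chk_fail\x00" in elf,
        "fortify": re.search(rb"__\w+_chk\x00", elf) is not None,
        "relro": "full" if relro_segment and bind_now else "partial" if relro_segment else "none",
    }

def build_sample(relro: bool, now: bool, names: list) -> bytes:
    """Constructed sample: a minimal ELF64 holding only headers, a dynamic section and names."""
    n = 2 if relro else 1
    dyn = (struct.pack("<qQ", DT_FLAGS, DF_BIND_NOW) if now else b"") + struct.pack("<qQ", DT_NULL, 0)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, n, 0, 0, 0)
    ph = struct.pack(PHDR, PT_DYNAMIC, 6, 64 + 56 * n, 0, 0, len(dyn), len(dyn), 8)
    if relro:
        ph += struct.pack(PHDR, PT_GNU_RELRO, 4, 0, 0, 0, 0, 0, 1)
    return ehdr + ph + dyn + b"\x00" + b"".join(s + b"\x00" for s in names)

if __name__ == "__main__":
    print(check_mitigations(build_sample(True, True, [b"__stack_chk_fail", b"__memcpy_chk"])))
    print(check_mitigations(build_sample(False, False, [b"memcpy"])))
```

To inspect a real binary, pass its bytes to `check_mitigations`; a statically linked or stripped file can defeat the symbol-name heuristics.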

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.