Suyash Nalawade
I am a dedicated Software Engineer, specializing in Linux packages, with a deep passion for security, open source, and Python. I break down complex security challenges into clear, accessible insights. I have presented a well-received talk at DevConf India, where I helped engineers and students understand Denial of Service attacks with live demos. I have also volunteered to organize tech conferences and hackathons, nurturing a collaborative community that drives innovation and continuous learning.
Associate Software Maintenance Engineer
Company or affiliation: Red Hat
Session
In this talk, we will explore Remote Code Execution (RCE) and arbitrary command execution attacks in detail by examining real-world vulnerabilities. I intend to explain how attackers exploit popular open source libraries through specific CVEs.
Vulnerabilities that we will look into (see notes for a detailed explanation):
- CVE-2024-47076 (cups-filters): A vulnerability in CUPS allows attackers to exploit a flaw in how it processes print requests. By sending a malformed request, an attacker can trigger a memory issue, potentially leading to the attacker taking control of the system.
- CVE-2024-6345 (python-setuptools): Attackers can leverage weaknesses in the package_index module to run arbitrary code during package downloads, potentially compromising entire Python build environments.
- CVE-2024-32002 (git): A vulnerability enables code execution during the cloning of local repositories, posing a risk to version control workflows.
This session includes a live demo showcasing an attack scenario in a controlled environment, providing attendees with practical insights into exploit execution.