2025-09-19, 106 (Capacity 45)
In this talk, we’ll explore Remote Code Execution (RCE) and Arbitrary Command Execution attacks in detail by diving into real-world vulnerabilities. I intend to explain how attackers exploit popular open source libraries through specific CVEs.
Vulnerabilities that we will look into (see notes for a detailed explanation):

- CVE-2024-47076 (cups-filters): A vulnerability in CUPS allows attackers to exploit a flaw in how it processes print requests. By sending a malformed request, an attacker can trigger a memory issue, potentially leading to the attacker taking control of the system.
- CVE-2024-6345 (python-setuptools): Attackers can leverage weaknesses in the package_index module to run arbitrary code during package downloads, potentially compromising entire Python build environments.
- CVE-2024-32002 (git): A vulnerability enables code execution during the cloning of local repositories, posing a risk to version control workflows.
This session includes a live demo showcasing an attack scenario in a controlled environment, providing attendees with practical insights into exploit execution.
Intermediate - attendees should be familiar with the subject
I am a dedicated Software Engineer, specializing in Linux packages, with a deep passion for security, open source, and Python. I break down complex security challenges into clear, accessible insights. I have presented a well-received talk at DevConf India, where I helped engineers and students understand Denial of Service attacks with live demos. I have also volunteered to organize tech conferences and hackathons, nurturing a collaborative community that drives innovation and continuous learning.