Overview
Explore the critical CVE-2015-7547 glibc getaddrinfo vulnerability in this 50-minute conference talk from the Hack In The Box Security Conference. Delve into the research conducted by security experts Gal De Leon and Nadav Markus, who developed a technique to exploit this vulnerability and achieve remote code execution. Learn how this flaw, which affects software compiled with GLIBC across multiple versions, can potentially be exploited remotely due to its presence in network address parsing code. Gain insights into the researchers' methodology, which extends beyond the initial crashing proof-of-concept published by Google, and understand the wide-ranging implications for various software products compiled using older GLIBC versions. Benefit from the expertise of De Leon and Markus, both security researchers at Palo Alto Networks, as they share their findings on this significant security issue and its potential impact on the cybersecurity landscape.
Syllabus
#HITB2016AMS CommSec Track D1 - Exploiting GLIBC: Hacking Everything - Gal De Leon and Nadav Markus
Taught by
Hack In The Box Security Conference