Speaker

Suyash Nalawade

Associate Software Maintenance Engineer @ Red Hat

Pune, India

I am a dedicated software engineer specializing in Linux packages, with a deep passion for security, open source, and Python. I break down complex security challenges into clear, accessible insights. I have presented a well-received talk at DevConf India, where I helped engineers and students understand vulnerabilities with live demos. I have also volunteered to organize tech conferences and hackathons, nurturing a collaborative community that drives innovation and continuous learning.

Area of Expertise

  • Information & Communications Technology
  • Law & Regulation

Topics

  • python
  • Security
  • CVE
  • Linux
  • rhel
  • cybersecurity awareness
  • Cybersecurity Threats and Trends
  • UNIX/Linux
  • AI and Cybersecurity
  • aws

Print at Your Own Risk: Unveiling Critical Vulnerabilities in CUPS Filters

A critical vulnerability identified as CVE-2024-47175 was discovered in the Common UNIX Printing System (CUPS). This flaw arises from improper sanitization of IPP attributes within the libppd function ppdCreatePPDFromIPP2, potentially leading to remote code execution (RCE) when exploited in conjunction with other functions like cfGetPrinterAttributes5.

This lightning talk aims to provide an in-depth analysis of CVE-2024-47175, covering the following key aspects:

  • Vulnerability Overview: Detailed examination of the root cause and affected components.
  • Exploit Chain: Explanation of how CVE-2024-47175 can be part of an exploit chain leading to RCE, as highlighted in related vulnerabilities such as CVE-2024-47176.
  • Demonstration: A live demo showcasing the exploitation process in a controlled environment.
  • Mitigation Strategies: Discussion of detection methods and best practices for securing installations against such vulnerabilities.
