ISC StormCast for Tuesday, May 11th, 2021
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 11 May 2021
| 0:00.0 | Hello, welcome to the Tuesday, May 11, 2021 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and today I'm recording from Jacksonville, Florida. |
| 0:13.5 | I wrote a quick post today about some of these recent vulnerabilities in IP address validation libraries. In particular, the problem, |
| 0:24.7 | or the root cause of these vulnerabilities, was how addresses that are expressed in octal are |
| 0:31.4 | being parsed by these libraries. And for the most part, well, these libraries didn't really take octal into account, which then |
| 0:40.0 | led to problems with how the IP addresses were validated. This would not really be that big of a |
| 0:45.8 | problem if the library that then actually does the network connection did use a similar |
| 0:52.3 | interpretation of these IP addresses. But pretty much any software |
| 0:57.5 | that connects to a network service or implements a network service does use the basic C sockets |
| 1:06.5 | library, and yes, that library does parse octal IP addresses. Now, this library also provides |
| 1:14.6 | a function, inet_aton, that does convert IP addresses expressed as a string into an integer. And that's |
| 1:23.8 | probably a safer function to use because it's part of the same library. |
| 1:28.3 | It does interpret IP addresses the same way as the functions that actually establish the connections. |
| 1:35.3 | Instead, many of these vulnerable libraries and languages are sort of re-implementing this inet_aton |
| 1:43.3 | function by parsing strings essentially, which is very |
| 1:49.1 | difficult to get just right, meaning just the same way as the sockets library interprets |
| 1:56.1 | these addresses. After all, in the end, a long unsigned integer or a 32-bit integer is the way IP addresses |
| 2:05.6 | are in the end represented internally. So how you're converting from the string to the |
| 2:10.4 | integer, that's really where the vulnerabilities and the problems happen. So in short, if you |
| 2:16.4 | ever find yourself having to validate |
| 2:19.0 | an IP address, well, don't mix libraries, use some well validated libraries, and don't try to |
| 2:26.5 | rewrite your own inet_aton. And well, Apple's AirTags are about two weeks old, at least two weeks out in consumer |
| 2:36.6 | hands, and we got our first jailbroken AirTags. |
... |