Last day to get an iPad Air w/ Smart Keyboard or Pixel 4a Smartphone with 5-6 day course registration! View details.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

GHOST 2.0: What do you need to know about the glibc getaddrinfo vulnerability

  • Friday, February 19, 2016 at 3:00 PM EDT (2016-02-19 20:00:00 UTC)
  • Johannes Ullrich, PhD, Chris Eng


  • Veracode

You can now attend the webcast using your mobile device!



On Tuesday, the Google security team published a blog post with details about a new vulnerability in glibc. The vulnerability affects getaddrinfo, a modern replacement for gethostbyname which was the root cause of last years GHOST vulnerability. In this webcast, you will learn how to identify vulnerable systems and what options you have available to mitigate the vulnerability in addition to patching. We will also cover some of the intricacies of DNS that contribute to the vulnerability and will help you better understand what went wrong in this case.

Speaker Bios

Johannes Ullrich, PhD

As chief research officer for the SANS Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a Web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida. He also enjoys blogging about application security tips.

Chris Eng

Chris Eng has over 15 years of application security experience. As Vice President of Research at Veracode, he leads the team responsible for integrating security expertise into Veracode's technology. Throughout his career, he has led projects breaking, building, and defending web applications and commercial software for some of the world's largest companies.

Chris is a frequent speaker at premier industry conferences, such as BlackHat, RSA, OWASP, and CanSecWest, where he has presented on a diverse range of application security topics, including cryptographic attacks, agile security, mobile application security, and security metrics. Chris has been interviewed by Bloomberg, Fox Business, CBS, and other media outlets regarding security trends and noteworthy events. Additionally, he has served on the advisory board of the SOURCE Boston conference since its inception.

Chris holds a B.S. in Electrical Engineering and Computer Science from the University of California. Chris is an unabashed supporter of the Oxford comma and hates when you use the word "ask" as a noun.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.