Przemysław Frasunek

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Przemysław Frasunek
Born (1983-05-06) May 6, 1983 (age 31)
Lublin, Poland
Nationality Polish

Przemysław Frasunek (also known as venglin, born May 6, 1983) is a "white hat" hacker and computer security expert from Poland. He has been a frequent Bugtraq poster since late in the 1990s,[1] noted for one of the first published successful software exploits for the format string bug class of attacks,[2][3] just after the first exploit of the person using nickname tf8.[4][5] Until that time the vulnerability was thought harmless.

Vulnerability research[edit]

Notable vulnerabilities credited to Przemysław Frasunek:

  • CVE-2000-0573, Format string bug in WU-FTPD (remote root exploit), one of the first exploits for the format string bug class of attacks.
  • CVE-2001-0414, Buffer overflow (remote root exploit) in NTP server, affecting wide range of systems.[6][7][8]
  • CVE-2004-0794, Signal race condition in FTP server, affecting NetBSD and Mac OS X.[9]
  • CVE-2005-2072, Privilege escalation (local root exploit) affecting Sun Solaris versions 8, 9, 10 and OpenSolaris operating systems, discovered two weeks after public release of the OpenSolaris.[10]
  • FreeBSD 4.4 arbitrary file access vulerability[11][12]
  • Kernel mode race condition exploit affecting FreeBSD 6.4.[13][14]
  • Kernel mode race condition exploit affecting FreeBSD 7.0.[15]
  • Kernel mode null pointer dereference exploit affecting FreeBSD 7.0 to 7.2.[16]

External links[edit]

References[edit]

  1. ^ WWW page on Frasunek's security research
  2. ^ Software exploit for the WU-FTPD format string vulnerability
  3. ^ Graham, James; Howard, Richard (2011). Cyber Security Essentials. p. 136. 
  4. ^ tf8's version of the wu-ftpd 2.6.0 exploit
  5. ^ scut / team-teso Exploiting Format String Vulnerabilities v1.2 September 9, 2001
  6. ^ NTP vulnerability, Cisco
  7. ^ Vulnerabilities database, Securityfocus
  8. ^ US-CERT Vulnerability Note
  9. ^ [1], Secunia
  10. ^ Secunia Advisory on Sun Solaris 8/9/10 vulnerability
  11. ^ Dowd, Mark; McDonald, John (2007). The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. 
  12. ^ [2]
  13. ^ The Register article on FreeBSD 6.4 vulnerability
  14. ^ FreeBSD Security Advisory
  15. ^ FreeBSD Security Advisory
  16. ^ FreeBSD Security Advisory