Jump to content

Przemysław Frasunek

From Wikipedia, the free encyclopedia

Przemysław Frasunek
Born (1983-05-06) 6 May 1983 (age 41)
Lublin, Poland
NationalityPolish

Przemysław Frasunek (also known as venglin, born 6 May 1983) is a "white hat" hacker from Poland. He has been a frequent Bugtraq poster since late in the 1990s,[1] noted for one of the first published successful software exploits for the format string bug class of attacks,[2][3] just after the first exploit of the person using nickname tf8.[4][5] Until that time the vulnerability was thought harmless. He serves as the CEO of Redge Technologies.[6]

Vulnerability research

[edit]

Notable vulnerabilities credited to Przemysław Frasunek:

  • CVE-2000-0573, Format string bug in WU-FTPD (remote root exploit), one of the first exploits for the format string bug class of attacks.
  • CVE-2001-0414, Buffer overflow (remote root exploit) in NTP server, affecting wide range of systems.[7][8][9]
  • CVE-2004-0794, Signal race condition in FTP server, affecting NetBSD and Mac OS X.[10]
  • CVE-2005-2072, Privilege escalation (local root exploit) affecting Solaris versions 8, 9, 10 and OpenSolaris operating systems, discovered two weeks after public release of the OpenSolaris.[11]
  • 2001 - FreeBSD 4.4 arbitrary file access vulnerability[12][13]
  • Kernel mode race condition exploit affecting FreeBSD 6.4.[14][15]
  • Kernel mode race condition exploit affecting FreeBSD 7.0.[16]
  • CVE-2010-4210 Kernel mode null pointer dereference exploit affecting FreeBSD 7.0 to 7.2.[17]

References

[edit]
  1. ^ WWW page on Frasunek's security research
  2. ^ CVE-2000-0573 Software exploit for the WU-FTPD format string vulnerability
  3. ^ Graham, James; Howard, Richard (2011). Cyber Security Essentials. p. 136. ISBN 9781439851265.
  4. ^ tf8's version of the wu-ftpd 2.6.0 exploit
  5. ^ scut / team-teso Exploiting Format String Vulnerabilities v1.2 2001-09-09
  6. ^ "Q&A with Przemyslaw Frasunek, Redge Technologies". Broadband TV News. 2023-01-19.
  7. ^ NTP vulnerability, Cisco
  8. ^ Vulnerabilities database, Securityfocus
  9. ^ US-CERT Vulnerability Note
  10. ^ [1], Secunia
  11. ^ Secunia Advisory on Sun Solaris 8/9/10 vulnerability
  12. ^ Dowd, Mark; McDonald, John (2007). The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities.
  13. ^ "Bugtraq".
  14. ^ The Register article on FreeBSD 6.4 vulnerability
  15. ^ FreeBSD Security Advisory
  16. ^ FreeBSD Security Advisory
  17. ^ FreeBSD Security Advisory
[edit]