Przemysław Frasunek

Przemysław Frasunek (also known as venglin, born 6 May 1983) is a "white hat" hacker from Poland. He has been a frequent Bugtraq poster since late in the 1990s,[1] noted for one of the first published successful software exploits for the format string bug class of attacks,[2][3] just after the first exploit of the person using nickname tf8.[4][5] Until that time the vulnerability was thought harmless.

Przemysław Frasunek
Born (1983-05-06) 6 May 1983
Lublin, Poland
NationalityPolish

Vulnerability research

Notable vulnerabilities credited to Przemysław Frasunek:

  • CVE-2000-0573, Format string bug in WU-FTPD (remote root exploit), one of the first exploits for the format string bug class of attacks.
  • CVE-2001-0414, Buffer overflow (remote root exploit) in NTP server, affecting wide range of systems.[6][7][8]
  • CVE-2004-0794, Signal race condition in FTP server, affecting NetBSD and Mac OS X.[9]
  • CVE-2005-2072, Privilege escalation (local root exploit) affecting Solaris versions 8, 9, 10 and OpenSolaris operating systems, discovered two weeks after public release of the OpenSolaris.[10]
  • 2001 - FreeBSD 4.4 arbitrary file access vulnerability[11][12]
  • Kernel mode race condition exploit affecting FreeBSD 6.4.[13][14]
  • Kernel mode race condition exploit affecting FreeBSD 7.0.[15]
  • CVE-2010-4210 Kernel mode null pointer dereference exploit affecting FreeBSD 7.0 to 7.2.[16]

References
  1. WWW page on Frasunek's security research
  2. CVE-2000-0573 Software exploit for the WU-FTPD format string vulnerability
  3. Graham, James; Howard, Richard (2011). Cyber Security Essentials. p. 136.
  4. tf8's version of the wu-ftpd 2.6.0 exploit
  5. scut / team-teso Exploiting Format String Vulnerabilities v1.2 2001-09-09
  6. NTP vulnerability, Cisco
  7. Vulnerabilities database, Securityfocus
  8. US-CERT Vulnerability Note
  9. , Secunia
  10. Secunia Advisory on Sun Solaris 8/9/10 vulnerability
  11. Dowd, Mark; McDonald, John (2007). The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities.
  13. The Register article on FreeBSD 6.4 vulnerability
  14. FreeBSD Security Advisory
  15. FreeBSD Security Advisory
  16. FreeBSD Security Advisory
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.