The topic of this article may not meet Wikipedia's notability guideline for biographies. (January 2014) |
Przemysław Frasunek (also known as venglin, born 6 May 1983) is a "white hat" hacker from Poland. He has been a frequent Bugtraq poster since late in the 1990s,[1] noted for one of the first published successful software exploits for the format string bug class of attacks,[2][3] just after the first exploit of the person using nickname tf8.[4][5] Until that time the vulnerability was thought harmless. He serves as the CEO of Redge Technologies.[6]
Przemysław Frasunek | |
---|---|
Born | Lublin, Poland | 6 May 1983
Nationality | Polish |
Vulnerability research
editNotable vulnerabilities credited to Przemysław Frasunek:
- CVE-2000-0573, Format string bug in WU-FTPD (remote root exploit), one of the first exploits for the format string bug class of attacks.
- CVE-2001-0414, Buffer overflow (remote root exploit) in NTP server, affecting wide range of systems.[7][8][9]
- CVE-2004-0794, Signal race condition in FTP server, affecting NetBSD and Mac OS X.[10]
- CVE-2005-2072, Privilege escalation (local root exploit) affecting Solaris versions 8, 9, 10 and OpenSolaris operating systems, discovered two weeks after public release of the OpenSolaris.[11]
- 2001 - FreeBSD 4.4 arbitrary file access vulnerability[12][13]
- Kernel mode race condition exploit affecting FreeBSD 6.4.[14][15]
- Kernel mode race condition exploit affecting FreeBSD 7.0.[16]
- CVE-2010-4210 Kernel mode null pointer dereference exploit affecting FreeBSD 7.0 to 7.2.[17]
References
edit- ^ WWW page on Frasunek's security research
- ^ CVE-2000-0573 Software exploit for the WU-FTPD format string vulnerability
- ^ Graham, James; Howard, Richard (2011). Cyber Security Essentials. p. 136. ISBN 9781439851265.
- ^ tf8's version of the wu-ftpd 2.6.0 exploit
- ^ scut / team-teso Exploiting Format String Vulnerabilities v1.2 2001-09-09
- ^ "Q&A with Przemyslaw Frasunek, Redge Technologies". Broadband TV News. 2023-01-19.
- ^ NTP vulnerability, Cisco
- ^ Vulnerabilities database, Securityfocus
- ^ US-CERT Vulnerability Note
- ^ [1], Secunia
- ^ Secunia Advisory on Sun Solaris 8/9/10 vulnerability
- ^ Dowd, Mark; McDonald, John (2007). The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities.
- ^ "Bugtraq".
- ^ The Register article on FreeBSD 6.4 vulnerability
- ^ FreeBSD Security Advisory
- ^ FreeBSD Security Advisory
- ^ FreeBSD Security Advisory