Przemysław Frasunek Explained

Przemysław Frasunek (also known as venglin, born 6 May 1983) is a "white hat" hacker from Poland. He has been a frequent Bugtraq poster since late in the 1990s,^[1] noted for one of the first published successful software exploits for the format string bug class of attacks,^{[2] [3]} just after the first exploit of the person using nickname tf8.^{[4] [5]} Until that time the vulnerability was thought harmless. He serves as the CEO of Redge Technologies.^[6]

Vulnerability research

Notable vulnerabilities credited to Przemysław Frasunek:

• , Format string bug in WU-FTPD (remote root exploit), one of the first exploits for the format string bug class of attacks.
• , Buffer overflow (remote root exploit) in NTP server, affecting wide range of systems.^{[7] [8] [9]}
• , Signal race condition in FTP server, affecting NetBSD and Mac OS X.^[10]
• , Privilege escalation (local root exploit) affecting Solaris versions 8, 9, 10 and OpenSolaris operating systems, discovered two weeks after public release of the OpenSolaris.^[11]
• 2001 - FreeBSD 4.4 arbitrary file access vulnerability^{[12] [13]}
• Kernel mode race condition exploit affecting FreeBSD 6.4.^{[14] [15]}
• Kernel mode race condition exploit affecting FreeBSD 7.0.^[16]
• Kernel mode null pointer dereference exploit affecting FreeBSD 7.0 to 7.2.^[17]

External links

• • Exploits by Przemyslaw Frasunek at Exploit Db

Notes and References

1. http://www.frasunek.com/#security WWW page on Frasunek's security research
2. Software exploit for the WU-FTPD format string vulnerability
3. Book: Cyber Security Essentials . limited . 136 . Graham . James . Howard . Richard . 2011. 9781439851265 .
4. http://marc.info/?l=bugtraq&m=96171893218000&w=2 tf8's version of the wu-ftpd 2.6.0 exploit
5. scut / team-teso Exploiting Format String Vulnerabilities v1.2 2001-09-09
6. News: Q&A with Przemyslaw Frasunek, Redge Technologies . Broadband TV News . 19 January 2023.
7. http://www.cisco.com/en/US/products/csa/cisco-sa-20020508-ntp-vulnerability.html NTP vulnerability
8. http://www.securityfocus.com/bid/2540 Vulnerabilities database
9. http://www.kb.cert.org/vuls/id/970472 US-CERT Vulnerability Note
10. http://secunia.com/advisories/12226/
11. http://secunia.com/advisories/15841/ Secunia Advisory on Sun Solaris 8/9/10 vulnerability
12. Book: The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities . Dowd . Mark . McDonald . John . 2007.
13. Web site: Bugtraq.
14. https://www.theregister.co.uk/2009/09/14/freebsd_security_bug/ The Register article on FreeBSD 6.4 vulnerability
15. http://www.freebsd.org/security/advisories/FreeBSD-SA-09:13.pipe.asc FreeBSD Security Advisory
16. http://www.freebsd.org/security/advisories/FreeBSD-SA-09:14.devfs.asc FreeBSD Security Advisory
17. http://www.freebsd.org/security/advisories/FreeBSD-SA-10:09.pseudofs.asc FreeBSD Security Advisory