Przemysław Frasunek Explained
Przemysław Frasunek
Birth Date: 6 May 1983
Birth Place: Lublin, Poland
Nationality: Polish
Przemysław Frasunek (also known as venglin, born 6 May 1983) is a "white hat" hacker from Poland. He has been a frequent Bugtraq poster since the late 1990s,[1] noted for one of the first published successful software exploits for the format string bug class of attacks,[2] [3] just after the first exploit by the person using the nickname tf8.[4] [5] Until that time this class of vulnerability was thought to be harmless. He serves as the CEO of Redge Technologies.[6]
Vulnerability research
Notable vulnerabilities credited to Przemysław Frasunek:
- Format string bug in WU-FTPD (remote root exploit), one of the first exploits for the format string bug class of attacks.
- Buffer overflow (remote root exploit) in NTP server, affecting a wide range of systems.[7] [8] [9]
- Signal race condition in FTP server, affecting NetBSD and Mac OS X.[10]
- Privilege escalation (local root exploit) affecting Solaris versions 8, 9, 10 and OpenSolaris operating systems, discovered two weeks after the public release of OpenSolaris.[11]
- 2001 - FreeBSD 4.4 arbitrary file access vulnerability[12] [13]
- Kernel mode race condition exploit affecting FreeBSD 6.4.[14] [15]
- Kernel mode race condition exploit affecting FreeBSD 7.0.[16]
- Kernel mode null pointer dereference exploit affecting FreeBSD 7.0 to 7.2.[17]
Notes and References
- http://www.frasunek.com/#security WWW page on Frasunek's security research
- Software exploit for the WU-FTPD format string vulnerability
- Graham, James; Howard, Richard (2011). Cyber Security Essentials. p. 136. ISBN 9781439851265.
- http://marc.info/?l=bugtraq&m=96171893218000&w=2 tf8's version of the wu-ftpd 2.6.0 exploit
- scut / team-teso Exploiting Format String Vulnerabilities v1.2 2001-09-09
- Q&A with Przemyslaw Frasunek, Redge Technologies. Broadband TV News. 19 January 2023.
- http://www.cisco.com/en/US/products/csa/cisco-sa-20020508-ntp-vulnerability.html NTP vulnerability
- http://www.securityfocus.com/bid/2540 Vulnerabilities database
- http://www.kb.cert.org/vuls/id/970472 US-CERT Vulnerability Note
- http://secunia.com/advisories/12226/
- http://secunia.com/advisories/15841/ Secunia Advisory on Sun Solaris 8/9/10 vulnerability
- Dowd, Mark; McDonald, John (2007). The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities.
- Bugtraq.
- https://www.theregister.co.uk/2009/09/14/freebsd_security_bug/ The Register article on FreeBSD 6.4 vulnerability
- http://www.freebsd.org/security/advisories/FreeBSD-SA-09:13.pipe.asc FreeBSD Security Advisory
- http://www.freebsd.org/security/advisories/FreeBSD-SA-09:14.devfs.asc FreeBSD Security Advisory
- http://www.freebsd.org/security/advisories/FreeBSD-SA-10:09.pseudofs.asc FreeBSD Security Advisory