Przemysław Frasunek
The topic of this article may not meet Wikipedia's notability guideline for biographies. (January 2014) |
Przemysław Frasunek | |
---|---|
Born | Lublin, Poland | 6 May 1983
Nationality | Polish |
Przemysław Frasunek (also known as venglin, born 6 May 1983) is a "white hat" hacker from Poland. He has been a frequent Bugtraq poster since late in the 1990s,[1] noted for one of the first published successful software exploits for the format string bug class of attacks,[2][3] just after the first exploit of the person using nickname tf8.[4][5] Until that time the vulnerability was thought harmless.
Vulnerability research[]
Notable vulnerabilities credited to Przemysław Frasunek:
- CVE-2000-0573, Format string bug in WU-FTPD (remote root exploit), one of the first exploits for the format string bug class of attacks.
- CVE-2001-0414, Buffer overflow (remote root exploit) in NTP server, affecting wide range of systems.[6][7][8]
- CVE-2004-0794, Signal race condition in FTP server, affecting NetBSD and Mac OS X.[9]
- CVE-2005-2072, Privilege escalation (local root exploit) affecting Solaris versions 8, 9, 10 and OpenSolaris operating systems, discovered two weeks after public release of the OpenSolaris.[10]
- 2001 - FreeBSD 4.4 arbitrary file access vulnerability[11][12]
- Kernel mode race condition exploit affecting FreeBSD 6.4.[13][14]
- Kernel mode race condition exploit affecting FreeBSD 7.0.[15]
- CVE-2010-4210 Kernel mode null pointer dereference exploit affecting FreeBSD 7.0 to 7.2.[16]
References[]
- ^ WWW page on Frasunek's security research
- ^ CVE-2000-0573 Software exploit for the WU-FTPD format string vulnerability
- ^ Graham, James; Howard, Richard (2011). Cyber Security Essentials. p. 136. ISBN 9781439851265.
- ^ tf8's version of the wu-ftpd 2.6.0 exploit
- ^ scut / team-teso Exploiting Format String Vulnerabilities v1.2 2001-09-09
- ^ NTP vulnerability, Cisco
- ^ Vulnerabilities database, Securityfocus
- ^ US-CERT Vulnerability Note
- ^ [1], Secunia
- ^ Secunia Advisory on Sun Solaris 8/9/10 vulnerability
- ^ Dowd, Mark; McDonald, John (2007). The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities.
- ^ "Bugtraq".
- ^ The Register article on FreeBSD 6.4 vulnerability
- ^ FreeBSD Security Advisory
- ^ FreeBSD Security Advisory
- ^ FreeBSD Security Advisory
External links[]
Categories:
- 1983 births
- Living people
- Hackers
- Polish computer scientists
- Polish people stubs