Przemysław Frasunek
| Przemysław Frasunek | |
|---|---|
| Born |
May 6, 1983 Lublin, Poland |
| Nationality | Polish |
Przemysław Frasunek (also known as venglin, born May 6, 1983) is a "white hat" hacker and computer security expert from Poland. He has been a frequent Bugtraq poster since late in the 1990s,[1] noted for one of the first published successful software exploits for the format string bug class of attacks,[2][3] just after the first exploit of the person using nickname tf8.[4][5] Until that time the vulnerability was thought harmless.
Vulnerability research
Notable vulnerabilities credited to Przemysław Frasunek:
- CVE-2000-0573, Format string bug in WU-FTPD (remote root exploit), one of the first exploits for the format string bug class of attacks.
- CVE-2001-0414, Buffer overflow (remote root exploit) in NTP server, affecting wide range of systems.[6][7][8]
- CVE-2004-0794, Signal race condition in FTP server, affecting NetBSD and Mac OS X.[9]
- CVE-2005-2072, Privilege escalation (local root exploit) affecting Solaris versions 8, 9, 10 and OpenSolaris operating systems, discovered two weeks after public release of the OpenSolaris.[10]
- FreeBSD 4.4 arbitrary file access vulnerability[11][12]
- Kernel mode race condition exploit affecting FreeBSD 6.4.[13][14]
- Kernel mode race condition exploit affecting FreeBSD 7.0.[15]
- Kernel mode null pointer dereference exploit affecting FreeBSD 7.0 to 7.2.[16]
References
- ↑ WWW page on Frasunek's security research
- ↑ Software exploit for the WU-FTPD format string vulnerability
- ↑ Graham, James; Howard, Richard (2011). Cyber Security Essentials. p. 136.
- ↑ tf8's version of the wu-ftpd 2.6.0 exploit
- ↑ scut / team-teso Exploiting Format String Vulnerabilities v1.2 September 9, 2001
- ↑ NTP vulnerability, Cisco
- ↑ Vulnerabilities database, Securityfocus
- ↑ US-CERT Vulnerability Note
- ↑ , Secunia
- ↑ Secunia Advisory on Sun Solaris 8/9/10 vulnerability
- ↑ Dowd, Mark; McDonald, John (2007). The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities.
- ↑
- ↑ The Register article on FreeBSD 6.4 vulnerability
- ↑ FreeBSD Security Advisory
- ↑ FreeBSD Security Advisory
- ↑ FreeBSD Security Advisory
External links
This article is issued from Wikipedia - version of the 8/4/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.