Przemysław Frasunek

Przemysław Frasunek
Przemysław Frasunek
Born	6 May 1983; Lublin, Poland
Nationality	Polish

Przemysław Frasunek (also known as venglin, born 6 May 1983) is a "white hat" hacker from Poland. He has been a frequent Bugtraq poster since late in the 1990s,^[1] noted for one of the first published successful software exploits for the format string bug class of attacks,^[2]^[3] just after the first exploit of the person using nickname tf8.^[4]^[5] Until that time the vulnerability was thought harmless. He is the CEO of Redge Technologies.^[6]

Vulnerability research

Notable vulnerabilities credited to Przemysław Frasunek:

CVE-2000-0573, Format string bug in WU-FTPD (remote root exploit), one of the first exploits for the format string bug class of attacks.
CVE-2001-0414, Buffer overflow (remote root exploit) in NTP server, affecting wide range of systems.^[7]^[8]^[9]
CVE-2004-0794, Signal race condition in FTP server, affecting NetBSD and Mac OS X.^[10]
CVE-2005-2072, Privilege escalation (local root exploit) affecting Solaris versions 8, 9, 10 and OpenSolaris operating systems, discovered two weeks after public release of the OpenSolaris.^[11]
2001 - FreeBSD 4.4 arbitrary file access vulnerability^[12]^[13]
Kernel mode race condition exploit affecting FreeBSD 6.4.^[14]^[15]
Kernel mode race condition exploit affecting FreeBSD 7.0.^[16]
CVE-2010-4210 Kernel mode null pointer dereference exploit affecting FreeBSD 7.0 to 7.2.^[17]

References

^ WWW page on Frasunek's security research
^ CVE-2000-0573 Software exploit for the WU-FTPD format string vulnerability
^ Graham, James; Howard, Richard (2011). Cyber Security Essentials. p. 136. ISBN 9781439851265.
^ tf8's version of the wu-ftpd 2.6.0 exploit
^ scut / team-teso Exploiting Format String Vulnerabilities v1.2 2001-09-09
^ "Q&A with Przemyslaw Frasunek, Redge Technologies". Broadband TV News. 2023-01-19.
^ NTP vulnerability, Cisco
^ Vulnerabilities database, Securityfocus
^ US-CERT Vulnerability Note
^ [1], Secunia
^ Secunia Advisory on Sun Solaris 8/9/10 vulnerability
^ Dowd, Mark; McDonald, John (2007). The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities.
^ "Bugtraq".
^ The Register article on FreeBSD 6.4 vulnerability
^ FreeBSD Security Advisory
^ FreeBSD Security Advisory
^ FreeBSD Security Advisory

External links

[1] WWW page on Frasunek's security research

[2] CVE-2000-0573 Software exploit for the WU-FTPD format string vulnerability

[3] Graham, James; Howard, Richard (2011). Cyber Security Essentials. p. 136. ISBN 9781439851265.

[4] tf8's version of the wu-ftpd 2.6.0 exploit

[5] scut / team-teso Exploiting Format String Vulnerabilities v1.2 2001-09-09

[6] "Q&A with Przemyslaw Frasunek, Redge Technologies". Broadband TV News. 2023-01-19.

[7] NTP vulnerability, Cisco

[8] Vulnerabilities database, Securityfocus

[9] US-CERT Vulnerability Note

[10] [1], Secunia

[11] Secunia Advisory on Sun Solaris 8/9/10 vulnerability

[12] Dowd, Mark; McDonald, John (2007). The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities.

[13] "Bugtraq".

[14] The Register article on FreeBSD 6.4 vulnerability

[15] FreeBSD Security Advisory

[16] FreeBSD Security Advisory

[17] FreeBSD Security Advisory

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]