Przemysław Frasunek

Przemysław Frasunek

Przemysław Frasunek (also known as venglin, born May 6, 1983) is a "white hat" hacker and computer security expert from Poland. He has been a frequent Bugtraq poster since late in the 1990s [ [http://www.frasunek.com/#security WWW page on Frasunek's security research] ] , noted for one of the first published successful software exploits for the format string bug class of attacks [ [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0573 Software exploit for the WU-FTPD format string vulnerability] ] [ [http://vulnerability.computer.science.en.wikivx.biz/ Software vulnerabilities' descriptions at wikivx.biz] ] , just after the first exploit of the person using nickname tf8 [ [http://marc.info/?l=bugtraq&m=96171893218000&w=2 tf8's version of the wu-ftpd 2.6.0 exploit] ] [scut / team-teso [http://julianor.tripod.com/bc/formatstring-1.2.pdf Exploiting Format String Vulnerabilities] v1.2 September 9, 2001] . Until that time the vulnerability was thought harmless.

Reported Bugs

Notable vulnerabilities credited to Przemysław Frasunek:
* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0573 CVE-2000-0573] , Format string bug in WU-FTPD ("remote root exploit"), one of the first exploits for the format string bug class of attacks. [ [http://diuf.unifr.ch/tns/teaching/SecurityThreads/Zindel_BufferOverflowAndFormatStrings.pdf Buffer Overflow & Format Strings - Seminar on Computer Security] ] .
* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0414 CVE-2001-0414] , Buffer overflow ("remote root exploit") in NTP server, affecting wide range of systems [ [http://www.cisco.com/warp/public/707/cisco-sa-20020508-ntp-vulnerability.pdf NTP vulnerability] , Cisco] [ [http://www.securityfocus.com/bid/2540 Vulnerabilities database] , Securityfocus] .
* [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2072 CVE-2005-2072] , Privilege escalation ("local root exploit") affecting Sun Solaris versions 8,9,10 and OpenSolaris operating systems, discovered two weeks after public release of the OpenSolaris [ [http://secunia.com/advisories/15841/ Secunia Advisory on Sun Solaris 8/9/10 vulnerability] ] .

External links

* [http://www.frasunek.com Przemysław Frasunek's personal home page]

References

:


Wikimedia Foundation. 2010.

Игры ⚽ Нужно решить контрольную?

Look at other dictionaries:

  • Format string attack — Format string attacks are a class of software vulnerability discovered around 1999. Previously thought harmless, Format string attacks can be used to crash a program or to execute harmful code. The problem stems from the use of unfiltered user… …   Wikipedia

  • Formatstring-Angriff — Der Begriff Formatstring Angriff beschreibt das Ausnutzen einer Sicherheitslücke, welche im Jahr 1999 von Przemysław Frasunek und tf8 entdeckt wurde. Der erste Exploit, der diese Technik ausnutzte, erlaubte es einem Angreifer, die Kontrolle über… …   Deutsch Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”