This blog post walks you into the discovery of CVE-2022-43747 in baramundi Management Agent (bMA). CVE-2022-43747 is a buffer overflow vulnerability, which allows an attacker to achieve remote code execution when a certain condition is met. In this post I will demonstrate how I have discovered the vulnerability, what condition is required for code execution […]
Author Archives: Shadi Habbal
CVE, Security
[CVE-2022-43747] baramundi Management Agent – From Buffer Overflow to Remote Code Execution
29
Dec
Dec
baramundi Management Agent (bMA), a module of baramundi Management Suite (bMS) is affected by a buffer overflow vulnerability. An attacker could potentially exploit the vulnerability to crash the affected module, or achieve remote code execution when a certain condition is met.
16
Dec
Dec
CVE-2022-44654 is assigned to a weakness that I have discovered in the User-Mode Hooking (UMH) Monitoring Engine module of Trend Micro Apex One and Apex One as a Service. This module, which helps to monitor for malicious payloads on Windows by injecting itself into each user-mode process and hooking certain Windows APIs, is missing an […]
01
Mar
Mar
“Update Manager” v1.2.1.0 (and possibly earlier), a software component from otris software AG used by multiple otris applications, e.g. otris Privacy, to facilitate updating otris products; allows attackers, to escalate their privileges on Windows systems to SYSTEM (highest permissions on Windows), by exploiting a vulnerability in the aforementioned software.
CVE, Security
[CVE-2021-20532] IBM Spectrum Protect Backup-Archive Client & IBM Spectrum Protect for Virtual Environments: Local Privilege Escalation
02
May
May
I have always been fascinated by fat client applications and I believe this goes back almost 20 years ago to when I was a teenager with a computer and a passion to learn, and I still am, passionate to learn 🙂 My start was with HTML and Assembly, an odd combination I admit, but that […]
27
Oct
Oct
I started ticking differently after taking on the Corelan Advanced Win32 Exploit Development training last month at BruCON 0x0B. I am very delighted and excited about that, and looking forward to putting the new experience to more practical use. A NULL-pointer dereference According to Wikipedia¹: The program can potentially dereference a null pointer, thereby raising […]
20
Oct
Oct
Mooltipass is a hardware-based password manager that is simple to use and provides an added layer of security (say no more to passwords-reuse). The passwords that are stored on the device are encrypted with AES-256, where the encryption key is stored on an external card, that works as a 2FA-token. The key on the card […]
20
Oct
Oct
Welcome to our new blog. My first blog post dates back to 27.10.2008, Wow! 11 years ago, when I used to post randomly about different technical stuff, but different times call for different measures. From now on, I will be blogging about stuff that only matters /!\