CVE-2020-9451: DoS in Acronis True Image 2020

This is the report I sent Acronis about these two DoS bugs in their ransomware protection service which they acknowledged. I lost track of whether or not these are fixed, but they had plenty of time to do it.

Posted on

CVE-2020-9452: Local privilege escalation in Acronis True Image 2020

anti_ransomware_service.exe includes a functionality to quarantine files which will copy the suspected ransomware file from one directory to another using SYSTEM privileges. As any unprivileged user has write permissions in the quarantine folder, it is possible to control this privileged write with a hardlink. This means that an unprivileged user can write/overwrite arbitrary files in arbitrary folders. Escalating privileges to SYSTEM is trivial with arbitrary writes. While the quarantine feature is not enabled per default, it can be forced to copy the file to the quarantine by communicating with the anti_ransomware_service.exe through its REST api.

Posted on

My 0-days

A continually updated list of the 0-days I am responsible for discovering. This is mainly for my own sake in order to keep track of them. I try to keep the order chronologically from newest to oldest

Posted on

My Tor Relay: If you build it, they will come

A showcase of how easy it is to setup and operate a Tor Relay. Everybody should support the right to privacy on the Internet and this is a very easy and convenient way to do it if you already have a VPS running somewhere.

Posted on

Creating My Digital Garden

I recently stumbled upon the phrase of a digital garden. The idea of personal, online notebook/blog which is mainly orchestrated for the author itself rather than an actual audience. Combined with all the fuss about static site generators such as Hugo, Jekyll, and what not, I decided to create my own digital garden using a static site generator.

Posted on