Multiple Vendor Firewall HIPS Process Spoofing Vulnerability
BID:21615
Info
| Bugtraq ID: | 21615 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 15 2006 12:00AM |
| Updated: | Dec 15 2006 09:18PM |
| Credit: | Matousec is credited with the discovery of this issue. |
| Vulnerable: | Symantec Sygate Personal Firewall 5.6.2808; Look 'n' Stop Look 'n' Stop 2.05p2; InfoProcess AntiHook 3.0 .23; Filseclab Personal Firewall 3.0 .8686; Comodo Personal Firewall 2.3.6 .81; AVG Anti-Virus plus Firewall 7.5.431 |
| Not Vulnerable: | |
Discussion
Multiple vendor firewalls and HIPS (host-based intrusion prevention systems) are prone to a process-spoofing vulnerability.
An attacker can exploit this issue to have an arbitrary malicious program appear to run as a trusted process and function undetected on an affected victim's computer.
The following software is vulnerable; other versions may also be affected:
InfoProcess AntiHook version 3.0.0.23
AVG Anti-Virus plus Firewall version 7.5.431
Comodo Personal Firewall version 2.3.6.81
Filseclab Personal Firewall version 3.0.0.8686
Look 'n' Stop Personal Firewall version 2.05p2
Symantec Sygate Personal Firewall version 5.6.2808
Exploit / POC
The following proof of concept is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- AntiHook Homepage (InfoProcess)
- AVG Anti-Virus Homepage (AVG)
- Comodo Homepage (Comodo)
- Product Homepage (Filseclab)
- Symantec Homepage (Symantec)
- Vendor Homepage (Look 'n' Stop)
- Bypassing process identification of several personal firewalls and HIPS (Matousec - Transparent Security Research)