Comodo Firewall Flawed Component Control Cryptographic Hash Vulnerability
BID:22570
Info
Comodo Firewall Flawed Component Control Cryptographic Hash Vulnerability
| Bugtraq ID: | 22570 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 15 2007 12:00AM |
| Updated: | Feb 15 2007 05:47PM |
| Credit: | This issue was discovered by Matousec Transparent Security. |
| Vulnerable: |
Comodo Personal Firewall 2.3.6 .81 Comodo Firewall Pro 2.4.17 .183 Comodo Firewall Pro 2.4.16 .174 |
| Not Vulnerable: | |
Discussion
Comodo Firewall Flawed Component Control Cryptographic Hash Vulnerability
Comodo Firewall is prone to a design error in its cryptographic hashing function for component controls.
Exploiting this flaw permits attackers to bypass the application's component controls. The application keeps a list of process-module checksums for allowed components. Due to the improper use of a cyclic redundancy check, rather than a cryptographic hash function in developing module checksums, an attacker can trivially insert a malicious control with the same CRC as a trusted component.
Comodo Firewall Pro 2.4.17.183 and 2.4.16.174 and Comodo Personal Firewall 2.3.6.81 are vulnerable; other versions may also be affected.
Comodo Firewall is prone to a design error in its cryptographic hashing function for component controls.
Exploiting this flaw permits attackers to bypass the application's component controls. The application keeps a list of process-module checksums for allowed components. Due to the improper use of a cyclic redundancy check, rather than a cryptographic hash function in developing module checksums, an attacker can trivially insert a malicious control with the same CRC as a trusted component.
Comodo Firewall Pro 2.4.17.183 and 2.4.16.174 and Comodo Personal Firewall 2.3.6.81 are vulnerable; other versions may also be affected.
Exploit / POC
Comodo Firewall Flawed Component Control Cryptographic Hash Vulnerability
The following proof of concept is available:
The following proof of concept is available:
Solution / Fix
Comodo Firewall Flawed Component Control Cryptographic Hash Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Comodo Firewall Flawed Component Control Cryptographic Hash Vulnerability
References:
References:
- Comodo Homepage (Comodo)
- Comodo DLL injection via weak hash function exploitation Vulnerability (Matousec - Transparent security Research
- Comodo DLL injection via weak hash function exploitation Vulnerability (Matousec Transparent Security)