Multiple Personal Firewall Products Local Protection Mechanism Bypass Vulnerability
BID:23987
Info
Multiple Personal Firewall Products Local Protection Mechanism Bypass Vulnerability
| Bugtraq ID: | 23987 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | May 15 2007 12:00AM |
| Updated: | May 15 2007 07:58PM |
| Credit: | This issue was discovered by Matousec Transparent Security. |
| Vulnerable: |
Zone Labs ZoneAlarm Pro 6.1.744.001 Comodo Personal Firewall 2.3.6 .81 Comodo Firewall Pro 2.4.18 .184 |
| Not Vulnerable: |
Zone Labs ZoneAlarm Pro 6.5.737.000 |
Discussion
Multiple Personal Firewall Products Local Protection Mechanism Bypass Vulnerability
Multiple personal firewall products are prone to a vulnerability that lets attackers bypass protection mechanisms. This issue occurs because the applications fail to properly implement protection mechanisms based on valid process identifiers.
Exploiting this issue allows local attackers to bypass protection mechanisms implemented to restrict access to the memory space of critical processes. This allows attackers to execute arbitrary code with elevated privileges; other attacks are also possible.
The following applications are vulnerable to this issue:
- Comodo Firewall Pro 2.4.18.184
- Comodo Personal Firewall 2.3.6.81
- ZoneAlarm Pro 6.1.744.001
Other applications and versions may also be affected.
Multiple personal firewall products are prone to a vulnerability that lets attackers bypass protection mechanisms. This issue occurs because the applications fail to properly implement protection mechanisms based on valid process identifiers.
Exploiting this issue allows local attackers to bypass protection mechanisms implemented to restrict access to the memory space of critical processes. This allows attackers to execute arbitrary code with elevated privileges; other attacks are also possible.
The following applications are vulnerable to this issue:
- Comodo Firewall Pro 2.4.18.184
- Comodo Personal Firewall 2.3.6.81
- ZoneAlarm Pro 6.1.744.001
Other applications and versions may also be affected.
Exploit / POC
Multiple Personal Firewall Products Local Protection Mechanism Bypass Vulnerability
The following exploits are available:
The following exploits are available:
Solution / Fix
Multiple Personal Firewall Products Local Protection Mechanism Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
The reporter of this issue states that ZoneAlarm Pro version 6.5.737.000 and higher are not affected by this issue.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
The reporter of this issue states that ZoneAlarm Pro version 6.5.737.000 and higher are not affected by this issue.
References
Multiple Personal Firewall Products Local Protection Mechanism Bypass Vulnerability
References:
References:
- Comodo Homepage (Comodo)
- ZoneAlarm Product Page (Check Point)
- Bypassing PFW/HIPS open process control with uncommon identifier (Matousec - Transparent security Research