Comodo DLL injection via weak hash function exploitation Vulnerability

2007.02.23
Credit: Matousec
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 4.6/10
Impact Subscore: 6.4/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Hello, We would like to inform you about a vulnerability in Comodo Firewall Pro. Description: Comodo Firewall Pro (former Comodo Personal Firewall) implements a component control, which is based on a checksum comparison of process modules. Probably to achieve a better performance, cyclic redundancy check (CRC32) is used as a checksum function in its implementation. However, CRC32 was developed for error detection purposes and can not be used as a reliable cryptographic hashing function because it is possible to generate collisions in real time. The character of CRC32 allows attacker to construct a malicious module with the same CRC32 checksum as a chosen trusted module in the target system and thus bypass the protection of the component control. Vulnerable software: * Comodo Firewall Pro 2.4.17.183 * Comodo Firewall Pro 2.4.16.174 * Comodo Personal Firewall 2.3.6.81 * probably all older versions of Comodo Personal Firewall 2 * possibly older versions of Comodo Personal Firewall More details and a proof of concept including its source code are available here: http://www.matousec.com/info/advisories/Comodo-DLL-injection-via-weak-ha sh-function-exploitation.php Regards, -- Matousec - Transparent security Research http://www.matousec.com/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top