Lucene search

[email protected]CVE-2007-1051

HistoryFeb 21, 2007 - 11:28 p.m.

CVE-2007-1051

2007-02-2123:28:00

[email protected]

web.nvd.nist.gov

comodo firewall

crc32

module identification

security bypass

weak hashing function

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and earlier uses a weak cryptographic hashing function (CRC32) to identify trusted modules, which allows local users to bypass security protections by substituting modified modules that have the same CRC32 value.

Affected configurations

NVD

Node

comodocomodo_firewall_proRange≤2.4.17.183

CPENameOperatorVersion
comodo:comodo_firewall_procomodo comodo firewall prole2.4.17.183

CPE	Name	Operator	Version
comodo:comodo_firewall_pro	comodo comodo firewall pro	le	2.4.17.183

References

lists.grok.org.uk/pipermail/full-disclosure/2007-February/052461.html

osvdb.org/45243

securityreason.com/securityalert/2279

www.matousec.com/info/advisories/Comodo-DLL-injection-via-weak-hash-function-exploitation.php

www.securityfocus.com/archive/1/460209/100/100/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/32530

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2007-1051

prion1 cvelist1 nvd1 securityvulns1