Comodo Firewall 2.3/2.4 - Flawed Component Control Cryptographic Hash

15 Feb 2007 00:00:00 | Reported by Matousec Transparent security | Type: exploitdb | www.exploit-db.com

Comodo Firewall flawed cryptographic hash enables bypassing component control

Code
source: https://www.securityfocus.com/bid/22570/info

Comodo Firewall is prone to a design error in its cryptographic hashing function for component controls.

Exploiting this flaw permits attackers to bypass the application's component controls. The application keeps a list of process-module checksums for allowed components. Because these module checksums are computed with a cyclic redundancy check (CRC) rather than a cryptographic hash function, an attacker can trivially insert a malicious control with the same CRC as a trusted component.

Comodo Firewall Pro 2.4.17.183 and 2.4.16.174 and Comodo Personal Firewall 2.3.6.81 are vulnerable; other versions may also be affected. 
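Why a CRC cannot stand in for a cryptographic hash in a component allowlist, as an added example (not code from the advisory or from Comodo): CRC-32 is affine over XOR, so checksums of related inputs are predictable from one another, while SHA-256 shows no such structure. The use of zlib's CRC-32, the `ComponentAllowlist` class and the random sample buffers are assumptions for illustration; the page does not say which CRC the product used.

```python
import hashlib
import hmac
import os
import zlib


def xor3(a: bytes, b: bytes, c: bytes) -> bytes:
    """Byte-wise XOR of three equal-length buffers."""
    if not len(a) == len(b) == len(c):
        raise ValueError("buffers must have equal length")
    return bytes(x ^ y ^ z for x, y, z in zip(a, b, c))


def crc32_is_affine(a: bytes, b: bytes, c: bytes) -> bool:
    """CRC-32 of a^b^c is fully determined by the three individual CRCs."""
    return zlib.crc32(xor3(a, b, c)) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(c)


def sha256_is_affine(a: bytes, b: bytes, c: bytes) -> bool:
    """The same relation tested on SHA-256 digests; it does not hold."""
    digests = [hashlib.sha256(m).digest() for m in (a, b, c)]
    return hashlib.sha256(xor3(a, b, c)).digest() == xor3(*digests)


class ComponentAllowlist:
    """Hypothetical allowlist of module images keyed by SHA-256, not a CRC."""

    def __init__(self) -> None:
        self._digests = {}  # component name -> 32-byte SHA-256 digest

    def trust(self, name: str, image: bytes) -> None:
        self._digests[name] = hashlib.sha256(image).digest()

    def is_trusted(self, name: str, image: bytes) -> bool:
        expected = self._digests.get(name)
        if expected is None:
            return False  # unknown component: deny by default
        return hmac.compare_digest(expected, hashlib.sha256(image).digest())


# Constructed sample data: random bytes standing in for module images.
SAMPLES = [os.urandom(4096) for _ in range(3)]

if __name__ == "__main__":
    print("CRC-32 affine over XOR:", crc32_is_affine(*SAMPLES))
    print("SHA-256 affine over XOR:", sha256_is_affine(*SAMPLES))
```

A CRC is designed to catch accidental corruption, and its 32-bit output and algebraic structure give no resistance to a deliberately chosen input; a component allowlist needs a collision-resistant and second-preimage-resistant digest such as SHA-256.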

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/29603.zip
