[Full-disclosure] Comodo DLL injection via weak hash function exploitation Vulnerability
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] Comodo DLL injection via weak hash function exploitation Vulnerability
- From: Matousec - Transparent security Research <research@xxxxxxxxxxxx>
- Date: Thu, 15 Feb 2007 12:24:20 +0100
Hello,
We would like to inform you about a vulnerability in Comodo Firewall Pro.
Description:
Comodo Firewall Pro (formerly Comodo Personal Firewall) implements a component
control, which is based on a checksum comparison of process modules. Probably
to achieve better performance, the cyclic redundancy check (CRC32) is used as
the checksum function in its implementation. However, CRC32 was developed for
error detection purposes and cannot be used as a reliable cryptographic hashing
function because it is possible to generate collisions in real time. The
character of CRC32 allows an attacker to construct a malicious module with the
same CRC32 checksum as a chosen trusted module in the target system and thus
bypass the protection of the component control.
Vulnerable software:
* Comodo Firewall Pro 2.4.17.183
* Comodo Firewall Pro 2.4.16.174
* Comodo Personal Firewall 2.3.6.81
* probably all older versions of Comodo Personal Firewall 2
* possibly older versions of Comodo Personal Firewall
More details and a proof of concept including its source code are available here:
http://www.matousec.com/info/advisories/Comodo-DLL-injection-via-weak-hash-function-exploitation.php
Regards,
--
Matousec - Transparent security Research
http://www.matousec.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
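
Added example, not part of the original message and not Comodo's or Matousec's code: a module allow-list keyed on CRC32 beside one keyed on SHA-256, with a birthday search showing that a 32-bit checksum cannot tell two different inputs apart. The function names are hypothetical and the "modules" are constructed 16-byte strings; the search finds an arbitrary colliding pair, not a match for a chosen module as in the advisory.

```python
import hashlib
import zlib


def crc32_id(module: bytes) -> int:
    """Weak identifier: 32-bit error-detection checksum."""
    return zlib.crc32(module) & 0xFFFFFFFF


def sha256_id(module: bytes) -> str:
    """Hardened identifier: collision-resistant cryptographic hash."""
    return hashlib.sha256(module).hexdigest()


def allowed_by(identify, module: bytes, trusted: bytes) -> bool:
    """Component-control decision: accept if the identifiers match."""
    return identify(module) == identify(trusted)


def find_crc32_collision(limit: int = 2_000_000):
    """Birthday search over constructed inputs; about 2**16 tries expected."""
    seen = {}
    for i in range(limit):
        # Constructed sample data: deterministic pseudo-random 16 bytes.
        data = hashlib.sha256(i.to_bytes(8, "big")).digest()[:16]
        crc = crc32_id(data)
        if crc in seen and seen[crc] != data:
            return seen[crc], data
        seen[crc] = data
    raise RuntimeError("no collision within limit")


if __name__ == "__main__":
    trusted, other = find_crc32_collision()
    print("trusted:", trusted.hex(), "crc32=%08x" % crc32_id(trusted))
    print("other:  ", other.hex(), "crc32=%08x" % crc32_id(other))
    print("CRC32 check accepts other:  ", allowed_by(crc32_id, other, trusted))
    print("SHA-256 check accepts other:", allowed_by(sha256_id, other, trusted))
```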