lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <45D442DC.7060709@matousec.com>
Date: Thu, 15 Feb 2007 12:24:12 +0100
From: Matousec - Transparent security Research <research@...ousec.com>
To: bugtraq@...urityfocus.com
Subject: Comodo DLL injection via weak hash function exploitation Vulnerability

Hello,

We would like to inform you about a vulnerability in Comodo Firewall Pro.


Description:

Comodo Firewall Pro (former Comodo Personal Firewall) implements a component control, which is based on a checksum 
comparison of process modules. Probably to achieve a better performance, cyclic redundancy check (CRC32) is used as a 
checksum function in its implementation. However, CRC32 was developed for error detection purposes and can not be used 
as a reliable cryptographic hashing function because it is possible to generate collisions in real time. The character 
of CRC32 allows attacker to construct a malicious module with the same CRC32 checksum as a chosen trusted module in the 
target system and thus bypass the protection of the component control.


Vulnerable software:

     * Comodo Firewall Pro 2.4.17.183
     * Comodo Firewall Pro 2.4.16.174
     * Comodo Personal Firewall 2.3.6.81
     * probably all older versions of Comodo Personal Firewall 2
     * possibly older versions of Comodo Personal Firewall


More details and a proof of concept including its source code are available here:
http://www.matousec.com/info/advisories/Comodo-DLL-injection-via-weak-hash-function-exploitation.php


Regards,

-- 
Matousec - Transparent security Research
http://www.matousec.com/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ