Comodo Firewall Pro Hash Function Security Bypass and Access Control Vulnerability

Vulnerability ID: 1191639
Vulnerability type: Unknown
Published: 2007-02-21
Updated: 2007-02-21
CVE ID: CVE-2007-1051
CNNVD-ID: CNNVD-200702-362
Platform: N/A
CVSS score: 4.6
|Vulnerability source
https://www.securityfocus.com/bid/86612
https://cxsecurity.com/issue/WLB-2007020082
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200702-362
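|Vulnerability details
Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and earlier versions use a cryptographically weak hash function (CRC32) to identify trusted modules, which allows local users to bypass security protection mechanisms by substituting a modified module that has the same CRC32 value.
|Exploit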
Hello,

We would like to inform you about a vulnerability in Comodo Firewall Pro.

Description:

Comodo Firewall Pro (formerly Comodo Personal Firewall) implements a component control, which is based on a checksum
comparison of process modules. Probably to achieve a better performance, cyclic redundancy check (CRC32) is used as a
checksum function in its implementation. However, CRC32 was developed for error detection purposes and cannot be used
as a reliable cryptographic hashing function because it is possible to generate collisions in real time. The character
of CRC32 allows an attacker to construct a malicious module with the same CRC32 checksum as a chosen trusted module in the
target system and thus bypass the protection of the component control.

Vulnerable software:

     * Comodo Firewall Pro 2.4.17.183
     * Comodo Firewall Pro 2.4.16.174
     * Comodo Personal Firewall 2.3.6.81
     * probably all older versions of Comodo Personal Firewall 2
     * possibly older versions of Comodo Personal Firewall

More details and a proof of concept including its source code are available here:
http://www.matousec.com/info/advisories/Comodo-DLL-injection-via-weak-hash-function-exploitation.php

Regards,

-- 
Matousec - Transparent security Research
http://www.matousec.com/
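
The weakness described in the advisory above, seen from the verifier's side, as an added example that is not from the advisory or its proof of concept: a birthday search over constructed data finds two different blobs with the same CRC32, and a checksum-based allowlist accepts the second one while a SHA-256 allowlist rejects it. `ModuleAllowlist`, `example.dll` and the blob contents are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import zlib


def find_crc32_collision(limit=2_000_000):
    """Birthday search: return two distinct constructed blobs with equal CRC32."""
    seen = {}
    for i in range(limit):
        # Constructed pseudo-random "module" contents, derived from a counter.
        blob = hashlib.sha256(b"constructed-module-%d" % i).digest()
        crc = zlib.crc32(blob)
        if crc in seen:
            return seen[crc], blob
        seen[crc] = blob
    raise RuntimeError("no collision within limit")


class ModuleAllowlist:
    """Hypothetical component-control store keyed by module name."""

    def __init__(self):
        self._crc = {}
        self._sha = {}

    def trust(self, name, content):
        self._crc[name] = zlib.crc32(content)
        self._sha[name] = hashlib.sha256(content).digest()

    def check_crc32(self, name, content):
        # Weak check: 32-bit checksum comparison only.
        return self._crc.get(name) == zlib.crc32(content)

    def check_sha256(self, name, content):
        # Hardened check: collision-resistant digest, constant-time compare.
        expected = self._sha.get(name)
        actual = hashlib.sha256(content).digest()
        return expected is not None and hmac.compare_digest(expected, actual)


def demo():
    trusted, other = find_crc32_collision()
    store = ModuleAllowlist()
    store.trust("example.dll", trusted)
    return {
        "distinct": trusted != other,
        "crc32_accepts_other": store.check_crc32("example.dll", other),
        "sha256_accepts_other": store.check_sha256("example.dll", other),
        "sha256_accepts_trusted": store.check_sha256("example.dll", trusted),
    }
```

With only 2^32 possible checksum values, the search typically succeeds after roughly a hundred thousand inputs, which is why a 32-bit checksum cannot serve as a module identity.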
|Affected products
Comodo Comodo Firewall Pro 2.4.17.183
|References

Source: XF
Name: comodofirewallpro-crc32-security-bypass(32530)
Link: http://xforce.iss.net/xforce/xfdb/32530
Source: BUGTRAQ
Name: 20070215 Comodo DLL injection via weak hash function exploitation Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/460209/100/100/threaded
Source: MISC
Link: http://www.matousec.com/info/advisories/Comodo-DLL-injection-via-weak-hash-function-exploitation.php
Source: OSVDB
Name: 45243
Link: http://osvdb.org/45243
Source: FULLDISC
Name: 20070215 Comodo DLL injection via weak hash function exploitation Vulnerability
Link: http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052461.html
Source: SREASON
Name: 2279
Link: http://securityreason.com/securityalert/2279