AOH :: HP Unsorted C :: C07-2353.HTM

Comodo DLL injection via weak hash function exploitation Vulnerability



Comodo DLL injection via weak hash function exploitation Vulnerability
Comodo DLL injection via weak hash function exploitation Vulnerability



Hello,

We would like to inform you about a vulnerability in Comodo Firewall Pro.


Description:

Comodo Firewall Pro (former Comodo Personal Firewall) implements a component control, which is based on a checksum 
comparison of process modules. Probably to achieve a better performance, cyclic redundancy check (CRC32) is used as a 
checksum function in its implementation. However, CRC32 was developed for error detection purposes and can not be used 
as a reliable cryptographic hashing function because it is possible to generate collisions in real time. The character 
of CRC32 allows attacker to construct a malicious module with the same CRC32 checksum as a chosen trusted module in the 
target system and thus bypass the protection of the component control.


Vulnerable software:

     * Comodo Firewall Pro 2.4.17.183
     * Comodo Firewall Pro 2.4.16.174
     * Comodo Personal Firewall 2.3.6.81
     * probably all older versions of Comodo Personal Firewall 2
     * possibly older versions of Comodo Personal Firewall


More details and a proof of concept including its source code are available here:
http://www.matousec.com/info/advisories/Comodo-DLL-injection-via-weak-hash-function-exploitation.php 


Regards,

-- 
Matousec - Transparent security Research
http://www.matousec.com/ 



The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.