- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 29603
- Проверка EDB
-
- Пройдено
- Автор
- MATOUSEC TRANSPARENT SECURITY
- Тип уязвимости
- LOCAL
- Платформа
- WINDOWS
- CVE
- N/A
- Дата публикации
- 2007-02-15
Comodo Firewall 2.3/2.4 - Flawed Component Control Cryptographic Hash
Код:
source: https://www.securityfocus.com/bid/22570/info
Comodo Firewall is prone to a design error in its cryptographic hashing function for component controls.
Exploiting this flaw permits attackers to bypass the application's component controls. The application keeps a list of process-module checksums for allowed components. Due to the improper use of a cyclic redundancy check, rather than a cryptographic hash function in developing module checksums, an attacker can trivially insert a malicious control with the same CRC as a trusted component.
Comodo Firewall Pro 2.4.17.183 and 2.4.16.174 and Comodo Personal Firewall 2.3.6.81 are vulnerable; other versions may also be affected.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/29603.zip- Источник
- www.exploit-db.com
