Author Topic: Matousec discovered a bug in Comodo Firewall  (Read 3511 times)

Offline fedex-bermu

  • Newbie
  • *
  • Posts: 20
Matousec discovered a bug in Comodo Firewall
« on: December 18, 2006, 08:45:50 PM »
Advisory 2006-12-15.01
Bypassing process identification of several personal firewalls and HIPS
Basic information:

Release date: December 15, 2006

Last update: December 16, 2006

Type: Design bugs

Character: Privilege escalation

Status: N/A

Risk: Serious bugs

Exploitability: Locally exploitable bugs

Discoverability: Hardly discoverable

Testing program: ex-coat.zip
Description:

Personal firewalls, HIPS and similar security software that implement per process security have to be able to identify the process that attempts to execute privileged action. Usually, not only the name and the process identifier but also the full path of such process or other informations are required. Some security software in this area obtain these informations improperly from user mode structures of the unknown process. This means that such security software relies on user mode data that can be modified by the malicious applications. It is possible to modify these data such that the malicious process appears to be another (e.g. trusted) process. Vulnerable security software then allows executing privileged actions to the malicious application.
Vulnerable software:

    * AntiHook 3.0.0.23 - Desktop
    * AVG Anti-Virus plus Firewall 7.5.431
    * Comodo Personal Firewall 2.3.6.81
    * Filseclab Personal Firewall 3.0.0.8686
    * Look 'n' Stop 2.05p2
    * Sygate Personal Firewall 5.6.2808
    * probably older versions of above mentioned products
    * possibly other personal firewalls and HIPS software

Not vulnerable software:

    * Look 'n' Stop 2.05p2 and later with patched driver

Events:

    * 2006-12-15: Soft4Ever, the vendor of Look 'n' Stop, confirmed the vulnerability and published a patch
    * 2006-12-15: Advisory released
    * 2006-12-15: Vendor notification

References:

    * Windows Personal Firewall Analysis project

soyabeaner

  • Guest
Re: Matousec discovered a bug in Comodo Firewall
« Reply #1 on: December 18, 2006, 08:47:59 PM »
This was already fixed during the beta version: http://forums.comodo.com/index.php/topic,4592.0.html (B)

Offline fedex-bermu

  • Newbie
  • *
  • Posts: 20
Re: Matousec discovered a bug in Comodo Firewall
« Reply #2 on: December 19, 2006, 12:10:58 AM »
ooohhh Im sorry  (:SHY)

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek