Bypassing settings protection in CF

any1one aware ? any comment ? fix or fixed already ? …

checked forums via search but nothing pops out …

Dwarden, you are one of the first and few to have linked Matousec’s latest advisory here. He always contacts the vendor of the tested product first before publicly releasing his bugs:
2007-03-01: Advisory released
2007-02-15: Vendor
[Comodo :)] notification

Furthermore, the chances of such an attack through this vulnerability is miniscule according to some opinions. Though I’ve always wondered about these vulnerabilities. Does one have to be infected with malware or can a hacker still remotely exploit them? Matousec’s reports indicate locally exploitable bugs only (for all firewalls he’s analyzed so far).

Also, in our tests, the exploit takes a long time to be actually exploited, and the options are limited. Comodo will fix it for thoroughness, but if they take their time the internet won’t exactly break.

we are aiming for v3 for the fixes for all these…

Actually a decent Personal Firewall focuses more on locally exploitable vulnerabilities than remote one. To defend oneself from remotely exploitable bugs even Windows Firewall or ISP access-lists are more than enough. But the rest of protection lies in the local zone. Anyone could construct a trojan that is transparent to AV software and if it also could bypass PF, that would be a complete disaster.

I see. So if one does not currently have malware then it’s not a concern in that sense. Malware has to get into the computer first, right?

most of trojans/malware infections lays in local zone and not thru remote exploits

(exception can be hole in kernel or other OS components which you can for sure remember as mass worm times via remote)

by my IT experience 80% of infections on customers/partners roots from local account and from these 50% were local admin accounts …

like someone said, with good nix fw and use of brain, u may never need PF, AV,AT,AS,AM w/e :)…

In certain environments, this is true. I’m getting closer to that level :). However, there was one time in the past when I had to re-format my OS and within minutes of being on the net to Windows Update site, I was infected with a trojan (found out shortly after running an AV). That was during the short moment I didn’t have a firewall.