Comodo - Security Vulnerabilities, CVEs

New_Style_xd · August 27, 2024, 11:04pm

Hello Comodo Team, There are several vulnerabilities that have not been fixed.
Can anyone tell me when these serious fixes that are in the CIS will be made?
See the links below for the vulnerabilities.

C.O.M.O.D.O_RT · August 28, 2024, 9:41am

Hi New_Style_xd,

Thank you for reporting.
We will take this to the team notice and update you.

Thanks
C.O.M.O.D.O RT

cruelsister · August 28, 2024, 12:18pm

Please note that for this vulnerability that: “An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.”.

In other words the system must be infected by something first before the vulnerability can work.

New_Style_xd · August 28, 2024, 5:10pm

That’s why it’s a CVE, it has to be fixed.

This list of bugs from CIS is already circulating in several forums. It won’t be good for COMODO’s image if they don’t release these fixes.

XylentAntivirus · August 31, 2024, 8:40am

There another vulnerability for Comodo but it’s open source malware which bypass Comodo Sandbox environment and deletes everything. But it’s not CVE.

cruelsister · August 31, 2024, 11:45am

Really? Please post the SHA-256 here (if it is open source it would be readily available at the usual places) so that it can be confirmed.

Avos-New-Forum · August 31, 2024, 12:19pm

I honestly don’t understand this unbridled desire to bypass Comodo’s protection. It almost seems like you’re trying everything to succeed…and failing.

patrice58 · August 31, 2024, 12:26pm

Hmmmmm a man with his own AV on here…Yeah I wonder as well…

cruelsister · August 31, 2024, 1:36pm

I have been using CF for years and continue to either find or write malware to bypass it, so far without Joy (haven’t had such a problem with other anti-malware applications as most of my >200 videos can attest).

I personally feel that this sort of continued hammering is essential as I, as noted, personally use it and have recommended Comodo to others for quite a while. So I continue to be as Cruel as possible in testing both to ensure my personal freedom from malware as well as saving face in my recommendations to others.

New_Style_xd · August 31, 2024, 3:43pm

I agree with you, most people are pointing out flaws and vulnerabilities that are already being exploited, and most want to get around the situation.

People aren’t seeing that CIS has a security flaw that is already being exploited.

I think they are fanboys.

New_Style_xd · August 31, 2024, 3:46pm

The work you do with your tests is commendable, I really like it.
But we can’t hide the truth.
What we are showing are bugs that have already been exploited by several people.
We are alerting them so that the CIS team can fix them.
That’s all we are doing and we want you to be successful in fixing them as quickly as possible.

prodex · September 1, 2024, 9:38am

Thank you!
As I understand it (with translation help), you managed to outsmart other security programs. So you couldn’t manage it, not to outsmart them.

How were people tricked? So, did they have their data stolen, bank accounts emptied, blackmailed, ordered things online under their names? I’m asking because after all this eon of using Comodo, I haven’t had any damage from any software or “break-in” due to a vulnerability.

Am I a fanboy who closes his eyes and doesn’t see that $4,999 is suddenly missing from my bank account or that my hard drive was encrypted? I’m already doubting myself? Do Cyber criminals not like me? I’d like to be really harmed so that I don’t have to be a fanboy anymore. Because then I would still stay with Comodo. A fanboy wouldn’t turn his back on it just because of that.

Avos-New-Forum · September 1, 2024, 10:30am

Maybe I didn’t express myself well, I was referring to @XylentAntivirus. Your work (Cruelsister) is to be commended. I have been using only your configuration for years and I am calm and protected.

cruelsister · September 1, 2024, 12:18pm

The issue with bringing up some CVE’s is that frequently there is a lack of understanding on how the vulnerability works, and if it can occur on a System that has not been previously tampered with.

In the case of cve-2024-7252 referenced in the first post, tampering must precede the issue: “An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability”.

In other words, this malicious attack must FIRST bypass Comodo BEFORE stuff can happen to cmdagent, and there is no evidence that this is possible.

cruelsister · September 1, 2024, 2:53pm

First off, thank you for supplying the malware link. This guy asctually hs been known for a while *mechanism is fairly similar to Emotes and Astaroth among others) in that it is primarily a powershell attack with an Outbound connection regyest to connect to malware command (In Amsterdam in this case).

But just like the others mentioned, this lnk file is contained by Comodo at even the base setting with a FW alert for the Outbound request (although if CF is in Silent Mode there would be no popups at all- the file would be contained silently and the Outbound request would be denied by default).

My Thanks to XylentAV for following up on this!!!

Meghan

New_Style_xd · September 1, 2024, 5:04pm

Yes, exactly all of this happened. You are smart.

New_Style_xd · September 1, 2024, 5:16pm

I agree with you, All that said, it is still an exploited vulnerability and needs to be fixed.

prodex · September 1, 2024, 8:17pm

Thank you for this assessment. Smart enough that I have so far been spared the break-ins that others, perhaps you too, have had to experience bitterly. With cruelsisters’ advice and my own rules, I’ve managed to do well, haven’t I?