製品・ソフトウェアに関する情報

JVN脆弱性詳細

Comodo Firewall Pro におけるセキュリティ保護を回避される脆弱性

Title	Comodo Firewall Pro におけるセキュリティ保護を回避される脆弱性
Summary	Comodo Firewall Pro (前 Comodo Personal Firewall) は、脆弱な暗号化ハッシュ関数 (CRC32) を使用して信頼できるモジュールを識別するため、セキュリティ保護を回避される脆弱性が存在します。
Possible impacts	ローカルユーザにより、同一の CRC32 値をもつ変更されたモジュールに代替されることで、セキュリティ保護を回避される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Feb. 21, 2007, midnight
Registration Date	June 26, 2012, 3:46 p.m.
Last Update	June 26, 2012, 3:46 p.m.

Affected System

Comodo

comodo firewall pro 2.4.17.183 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-1051	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1051
National Vulnerability Database (NVD)
2	CVE-2007-1051	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1051

ベンダー情報

No	Name	URL
Comodo
1	Top Page	http://personalfirewall.comodo.com/

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-1051

Summary	Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and earlier uses a weak cryptographic hashing function (CRC32) to identify trusted modules, which allows local users to bypass security protections by substituting modified modules that have the same CRC32 value.
Summary	Comodo Firewall Pro (antes llamado Comodo Personal Firewall) 2.4.17.183 y versiones anteriores utiliza una función hash criptográfica (CRC32) débil para identificar módulos de confianza, lo cual permite a usuarios locales evitar protecciones de seguridad sustituyendo módulos modificados que tienen el mismo valor CRC32.
Publication Date	Feb. 22, 2007, 8:28 a.m.
Registration Date	Jan. 29, 2021, 2:07 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:comodo:comodo_firewall_pro::::::::			2.4.17.183

Related information, measures and tools

No	URL	refsource
1	http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052461.html	cve@mitre.org
2	http://osvdb.org/45243	cve@mitre.org
3	http://securityreason.com/securityalert/2279	cve@mitre.org
4	http://www.matousec.com/info/advisories/Comodo-DLL-injection-via-weak-hash-function-exploitation.php	cve@mitre.org
5	http://www.securityfocus.com/archive/1/460209/100/100/threaded	cve@mitre.org
6	https://exchange.xforce.ibmcloud.com/vulnerabilities/32530	cve@mitre.org
7	http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052461.html	af854a3a-2127-422b-91ae-364da2661108
8	http://osvdb.org/45243	af854a3a-2127-422b-91ae-364da2661108
9	http://securityreason.com/securityalert/2279	af854a3a-2127-422b-91ae-364da2661108
10	http://www.matousec.com/info/advisories/Comodo-DLL-injection-via-weak-hash-function-exploitation.php	af854a3a-2127-422b-91ae-364da2661108
11	http://www.securityfocus.com/archive/1/460209/100/100/threaded	af854a3a-2127-422b-91ae-364da2661108
12	https://exchange.xforce.ibmcloud.com/vulnerabilities/32530	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List