Details of VAR-200702-0107

ID

VAR-200702-0107

CVE

CVE-2007-0708

TITLE

Comodo Firewall Pro of cmdmon.sys Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2007-001513

DESCRIPTION

cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) before 2.4.16.174 does not validate arguments that originate in user mode for the (1) NtConnectPort and (2) NtCreatePort hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments. Comodo Firewall is prone to multiple denial-of-service vulnerabilities because it fails to adequately validate user supplied data. Exploiting these issues may permit attackers to cause system crashes and deny service to legitimate users. Presumaby, attackers may also be able to execute arbitrary code, but this has not been confirmed. Comodo Firewall Pro 2.4.16.174 and Comodo Personal Firewall 2.3.6.81 are vulnerable; other versions may also be affected. The Comodo firewall hooks many functions in SSDT, and there are at least 7 cases where there are no parameters for verifying user mode. Due to a bug in the cmdmon.sys driver, a denial of service may result when calling NtConnectPort, NtCreatePort, NtCreateSection, NtOpenProcess, NtOpenSection, NtOpenThread, and NtSetValueKey

Trust: 1.98

sources: NVD: CVE-2007-0708 // JVNDB: JVNDB-2007-001513 // BID: 22357 // VULHUB: VHN-24070

AFFECTED PRODUCTS

vendor:	comodo	model:	firewall pro	scope:	eq	version:	2.4.16.174	Trust: 1.9
vendor:	comodo	model:	firewall pro	scope:	lt	version:	2.4.16.174	Trust: 0.8
vendor:	comodo	model:	personal firewall	scope:	eq	version:	2.3.6.81	Trust: 0.3
vendor:	comodo	model:	firewall pro	scope:	ne	version:	2.4.17.183	Trust: 0.3

sources: BID: 22357 // JVNDB: JVNDB-2007-001513 // CNNVD: CNNVD-200702-057 // NVD: CVE-2007-0708

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-0708
value:	HIGH
Trust: 1.0
NVD:	CVE-2007-0708
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200702-057
value:	HIGH
Trust: 0.6
VULHUB:	VHN-24070
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-0708
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-24070
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-24070 // JVNDB: JVNDB-2007-001513 // CNNVD: CNNVD-200702-057 // NVD: CVE-2007-0708

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0708

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200702-057

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200702-057

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001513

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-24070

PATCH

title:

Top Page

url:

http://personalfirewall.comodo.com/

Trust: 0.8

sources: JVNDB: JVNDB-2007-001513

EXTERNAL IDS

db:	NVD	id:	CVE-2007-0708	Trust: 2.8
db:	BID	id:	22357	Trust: 2.0
db:	SECTRACK	id:	1017580	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-001513	Trust: 0.8
db:	CNNVD	id:	CNNVD-200702-057	Trust: 0.7
db:	BUGTRAQ	id:	20070201 COMODO MULTIPLE INSUFFICIENT ARGUMENT VALIDATION OF HOOKED SSDT FUNCTION VULNERABILITY	Trust: 0.6
db:	XF	id:	32059	Trust: 0.6
db:	SEEBUG	id:	SSVID-83050	Trust: 0.1
db:	EXPLOIT-DB	id:	29558	Trust: 0.1
db:	VULHUB	id:	VHN-24070	Trust: 0.1

sources: VULHUB: VHN-24070 // BID: 22357 // JVNDB: JVNDB-2007-001513 // CNNVD: CNNVD-200702-057 // NVD: CVE-2007-0708

REFERENCES

url:	http://www.securityfocus.com/bid/22357	Trust: 1.7
url:	http://www.matousec.com/info/advisories/comodo-multiple-insufficient-argument-validation-of-hooked-ssdt-functions.php	Trust: 1.7
url:	http://securitytracker.com/id?1017580	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/458773/100/0/threaded	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/32059	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0708	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0708	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/32059	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/458773/100/0/threaded	Trust: 0.6
url:	http://www.comodo.com/	Trust: 0.3
url:	http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php	Trust: 0.3
url:	/archive/1/479830	Trust: 0.3

sources: VULHUB: VHN-24070 // BID: 22357 // JVNDB: JVNDB-2007-001513 // CNNVD: CNNVD-200702-057 // NVD: CVE-2007-0708

CREDITS

Matousec※http://www.matousec.com/

Trust: 0.6

sources: CNNVD: CNNVD-200702-057

SOURCES

db:	VULHUB	id:	VHN-24070
db:	BID	id:	22357
db:	JVNDB	id:	JVNDB-2007-001513
db:	CNNVD	id:	CNNVD-200702-057
db:	NVD	id:	CVE-2007-0708

LAST UPDATE DATE

2024-11-23T22:19:53.241000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-24070	date:	2018-10-16T00:00:00
db:	BID	id:	22357	date:	2015-05-12T19:34:00
db:	JVNDB	id:	JVNDB-2007-001513	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200702-057	date:	2007-02-06T00:00:00
db:	NVD	id:	CVE-2007-0708	date:	2024-11-21T00:26:32.727

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-24070	date:	2007-02-04T00:00:00
db:	BID	id:	22357	date:	2007-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2007-001513	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200702-057	date:	2007-02-03T00:00:00
db:	NVD	id:	CVE-2007-0708	date:	2007-02-04T00:28:00