Comodo Firewall Crashes on Malformed IPv6 Packet, Vulnerability Unpatched

A critical vulnerability, dubbed ComoDoS, has been disclosed in Comodo Internet Security that allows for remote denial-of-service attacks. Security researcher Marcus Hutchins detailed the flaw, providing a proof-of-concept exploit that demonstrates how a single malformed TCP/IP packet can cause targeted Windows endpoints to crash.

This vulnerability bypasses all configured firewall rules, rendering the security software ineffective against this specific attack vector. The exploit targets the way Comodo's security software processes incoming IPv6 traffic, leading to a system crash when malformed data is received.

Hutchins reported that he attempted to responsibly disclose the flaw to Comodo, but received no response from the vendor. SecurityWeek also attempted to contact Comodo for comment but was unable to elicit a statement. As of the disclosure, the vulnerability remains unpatched, leaving users of Comodo Internet Security exposed.

The implications of this unpatched flaw are significant, as it allows for a relatively simple denial-of-service attack that can disrupt business operations and compromise system availability. Organizations relying on Comodo's security suite may be at increased risk if this vulnerability is actively exploited in the wild.

While the disclosure focuses on denial-of-service, the underlying mechanism of bypassing firewall rules could potentially be leveraged in more sophisticated attacks if further research uncovers additional exploitability. The lack of vendor response is a concerning indicator for the security posture of affected users.

Users are advised to consider alternative security solutions or implement network-level mitigations if possible until Comodo addresses this critical vulnerability. The ongoing lack of a patch or vendor communication leaves a significant security gap for its user base.