Recently, Google Security reported that there might be a small local vulnerability in Comodo GeekBuddy that allowed a local attacker to gain another locally logged-on user’s privileges. Here is the link from Google’s Project Zero: https://code.google.com/p/google-security-research/issues/detail?id=703
The minor potential vulnerability was fixed and addressed back on February 10, prior to it being made public by Google Security.
Unfortunately, some posts and reports have erroneously stated that an attacker could somehow gain access to a user’s PC through Comodo GeekBuddy and a logged-in user.
We spoke with Comodo Senior Vice President of Engineering Egemen Tas on this issue.
“This makes no technical sense. It is not reasonable to expect a remote attacker to connect to your PC with GeekBuddy. First and foremost, GeekBuddy does NOT open any ports and does not accept any incoming connections. Only Comodo technical support, during specific support sessions, can connect and this connection is established through Comodo relay servers, not from a local network or from the internet.”
Mr. Tas continued:
“Second, the vulnerability reported has nothing to do with accessing a VNC server remotely, but using a VNC server to obtain another user’s privilege level — if you have access to the same PC and know the details of the password generation algorithm.”
“Third, the issue cannot be exploited remotely. The attacker has to gain local access to the PC first in order to try and do anything – and the password would need to be predictable only by skilled attackers.”
“And lastly, the minor vulnerability has been fixed and addressed back on February 10.”
In summary – all software goes through patches and fixes, and this minor issue has already been fixed in GeekBuddy 4.25.380415.167 (released on February 10th) and shared with customers.
At Comodo, we always strive to protect our users, and to assist you, here are some frequently asked questions on the issue. Customers can feel free to contact GeekBuddy directly at firstname.lastname@example.org or 866-272-9804.
What is the issue?
GeekBuddy uses a modified version of VNC to allow Comodo technicians remote access to PCs during support sessions. In order to use VNC, a local user needs to have a password. In GeekBuddy, we automatically generate the password per computer to prevent any local user access to this service.
Which GeekBuddy or CIS versions are affected?
The reported issue does not affect Comodo Internet Security (CIS). It is specifically related to GeekBuddy versions prior to Build 167. We released the hotfix on the 10th of February.
Does GeekBuddy allow remote access by anyone?
No. GeekBuddy is used for remote technical support by Comodo engineers only. It is not technically possible for anyone to connect to your PC. It does NOT open any ports at all. This issue does not allow any remote attacker to obtain any privileges. It requires local access and specific conditions.