Computer Security
[EN] securityvulns.ru

  PCTools iAntivirus multiple security vulnerabilities

From:Carsten Eilers <advisories_(at)_ceilers-it.de>
Date:12.03.2009
Subject:CTM PowerMail 4.2.1 de Carbon <http://www.ctmdev.com>

Title
Multiple Vulnerabilities in iAntiVirus

Program
PC Tools iAntiVirus for Mac OS X
http://www.iantivirus.com/

Tested version
1.35, Engine Version 1.0.0.10

Tested on German Mac OS X 10.5 with the following preferences:
- Scan inside archives: ON
- Scan mode: NORMAL
- Heuristics: NORMAL

Description
1. No scan inside .sit and .dmg archives

  The scan function and the real-time scanner OnGuard do not
  scan inside .sit and .dmg archives.

  Impact:
  It is possible to download malware from the internet or to
  copy it from a USB stick without any interruption from
  iAntiVirus.
  Malware in .sit archives is recognized by OnGuard during
  manual decompression, but malware in .dmg disk images is
  only recognized during a manual scan of the mounted image.
  It is possible to run malware from the mounted disk image
  (tested with MacSmurf, which iAntiVirus recognizes as
  'Hacktool.OSX.MacSmurf').

2. Problems with special characters in filenames

  The scanner, OnGuard and the quarantine management are
  unable to handle files whose names contain certain special
  characters, for example ?, which is transformed to Æ.

  Impact:
  False positives are lost, since it is impossible to restore
  them. It may also be possible to evade the virus protection.

3. No user restrictions in the quarantine management

  All quarantined files are managed in the same area. Every
  user can restore the files of every other user, including
  the admin.

  Impact:
  A normal user can restore quarantined malware from other
  accounts; tested with the iWork trojan, which was installed
  by the admin and restored by a normal user.
  Additionally, the history function records no information
  about which user performed an action, and the history can
  be erased by any user.
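The design gaps behind items 2 and 3 (filenames with special characters, and a shared quarantine with no per-user restrictions and no actor recorded in the history) can be illustrated with a small Python model of a quarantine store that avoids them. This is an added example, not code from the advisory or from PC Tools: the directory layout, the entry-id scheme, the detection names and the idea of passing uids into the calls to simulate user sessions are all assumptions of the example.

```python
import json
import os
import tempfile
import time
from pathlib import Path


class QuarantineDenied(PermissionError):
    """Raised when an actor tries to restore another user's quarantined file."""


class Quarantine:
    """Per-user quarantine with an actor-attributed history (hypothetical design).

    Layout (an assumption of this example): <root>/<owner_uid>/<entry>.bin holds
    the file, <entry>.json its metadata, and <root>/history.jsonl is the log.
    """

    def __init__(self, root):
        self.root = Path(root)
        self.root.mkdir(parents=True, exist_ok=True)
        self.history_file = self.root / "history.jsonl"
        self._counter = 0

    def _record(self, actor_uid, action, entry_id, original_bytes):
        # fsdecode() keeps undecodable bytes as surrogate escapes; json.dumps()
        # with its default ensure_ascii=True writes them as \udcXX escapes, so
        # the original name survives the round trip instead of being mangled.
        rec = {"ts": round(time.time(), 3), "actor_uid": actor_uid, "action": action,
               "entry": entry_id, "original": os.fsdecode(original_bytes)}
        with self.history_file.open("a", encoding="ascii") as fh:
            fh.write(json.dumps(rec) + "\n")

    def quarantine(self, path, owner_uid, actor_uid, detection):
        src = os.fsencode(path)              # operate on raw bytes, never a lossy str
        entry_id = f"{owner_uid}-{self._counter}"
        self._counter += 1
        user_dir = self.root / str(owner_uid)
        user_dir.mkdir(mode=0o700, exist_ok=True)   # one private directory per owner
        os.replace(src, os.fsencode(user_dir / f"{entry_id}.bin"))
        meta = {"owner_uid": owner_uid, "original": os.fsdecode(src), "detection": detection}
        (user_dir / f"{entry_id}.json").write_text(json.dumps(meta), encoding="ascii")
        self._record(actor_uid, "quarantine", entry_id, src)
        return entry_id

    def restore(self, entry_id, actor_uid):
        owner = entry_id.split("-", 1)[0]
        meta_path = self.root / owner / f"{entry_id}.json"
        meta = json.loads(meta_path.read_text(encoding="ascii"))
        original = os.fsencode(meta["original"])
        # The check the advisory found missing: only the owner (or root) may restore,
        # and a refused attempt is logged with the uid that tried it.
        if actor_uid not in (0, meta["owner_uid"]):
            self._record(actor_uid, "restore-denied", entry_id, original)
            raise QuarantineDenied(f"uid {actor_uid} may not restore {entry_id}")
        os.replace(os.fsencode(meta_path.with_suffix(".bin")), original)
        meta_path.unlink()
        self._record(actor_uid, "restore", entry_id, original)
        return original

    def history(self, actor_uid):
        # Append-only log: a normal user sees only their own actions, root sees all.
        if not self.history_file.exists():
            return []
        rows = [json.loads(line) for line in
                self.history_file.read_text(encoding="ascii").splitlines()]
        return rows if actor_uid == 0 else [r for r in rows if r["actor_uid"] == actor_uid]


def demo(root=None):
    """Exercise the store with constructed files; uids are passed in to simulate sessions."""
    root = Path(root or tempfile.mkdtemp())
    home = root / "home"
    home.mkdir()
    q = Quarantine(root / "quarantine")
    # Constructed sample names: one with an umlaut, one containing a byte that is
    # not valid UTF-8, the kind of name the advisory reports the product cannot handle.
    umlaut = os.fsencode(home / "Bericht ä.doc")
    raw = os.fsencode(home) + b"/raw-\xe4.doc"
    for name in (umlaut, raw):
        with open(name, "wb") as fh:
            fh.write(b"placeholder content, not malware\n")
    user_entry = q.quarantine(umlaut, owner_uid=501, actor_uid=501, detection="Sample.A")
    admin_entry = q.quarantine(raw, owner_uid=0, actor_uid=0, detection="Sample.B")
    result = {}
    try:                                  # a normal user must not restore the admin's file
        q.restore(admin_entry, actor_uid=501)
        result["cross_user_restore"] = "allowed"
    except QuarantineDenied:
        result["cross_user_restore"] = "denied"
    result["restored_path"] = q.restore(user_entry, actor_uid=501)
    result["umlaut_name_round_trips"] = os.path.exists(umlaut)
    result["admin_file_still_quarantined"] = not os.path.exists(raw)
    result["user_history_count"] = len(q.history(501))
    result["root_history_count"] = len(q.history(0))
    result["denial_logged"] = any(r["action"] == "restore-denied" for r in q.history(0))
    return result


if __name__ == "__main__":
    print(demo())
```

Running demo() shows the three properties the advisory found missing: the cross-user restore is refused and logged with the acting uid, the owner's own restore succeeds with the umlaut name returned byte-for-byte, and a normal user's history view is limited to that user's own actions while root sees everything.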

4. OnGuard only protects one user (or perhaps a few more)

  If OnGuard is on and another user logs in, it appears as if
  OnGuard were off. If that user copies malware onto the
  system, it disappears without any warning: OnGuard is active
  and moves the files into the quarantine, but does not inform
  the user about this. If the first user is an admin, this
  happens for every normal user. If the first user is a normal
  user, it sometimes happens for the admin as the second user,
  but not every time.

5. File permissions are ignored

  Every normal user can start a "normal scan", which includes
  the system, library and program folders and the folders of
  every user.

Solution
None

Credits
Carsten Eilers

Original advisory
http://www.ceilers-it.de/advisories/iantivirus.html
(also available in German)


Regards
 Carsten Eilers

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod