Blackberry vulnerable to security flaw

Blackberry Enterprise Servers could be exposed to remote code execution attacks because of the way BES processes PDF files.

The flaw in the PDF distiller of the BlackBerry attachment service for the BlackBerry
Enterprise Server, could allow a hacker take control of the computer that the
BlackBerry Attachment Service runs on.

Research In Motion (RIM) describes the vulnerability in an advisory:

The vulnerability could allow a malicious individual to
cause buffer overflow errors, leading to a Denial of Service (DoS) condition or possibly arbitrary code execution on the computer that the BlackBerry Attachment Service runs on.

Successful exploitation of this issue requires a malicious individual to persuade a BlackBerry smartphone user to open a specially crafted PDF file on a BlackBerry smartphone that is associated with a user account on a BlackBerry
Enterprise Server. The PDF file may be attached to an email message, or the BlackBerry smartphone user may retrieve it from a web site using the Get Link menu item on the BlackBerry smartphone.

RIM advises administrators to apply the latest patches as outlined in the advisory.

The following server software is affected:

  • BlackBerry Enterprise Server
    Express version 5.0.2 for Microsoft Exchange
  • BlackBerry Enterprise Server versions 5.0.2, 5.0.1, 5.0.0, 4.1.7 and earlier for Microsoft Exchange
  • BlackBerry Enterprise Server versions 5.0.2, 5.0.1, 5.0.0, 4.1.7 and earlier for IBM Lotus Domino
  • BlackBerry Enterprise Server versions 5.0.1, 4.1.7 and earlier for Novell
  • BlackBerry® Professional Software version 4.1.4 and earlier for Microsoft Exchange and IBM Lotus Domino

While Blackberry smartphones are not affected RIM recommends that users exercise caution when receiving email messages from untrusted sources, and opening files at the direction of untrusted sources.

From: RIM

This entry was posted in Uncategorized. Bookmark the permalink.

4 Responses to Blackberry vulnerable to security flaw

  1. Suchmaschine says:

    There is obviously a lot to know about this. I think you made some good points in Features also.
    Keep working ,great job!

  2. my God, i thought you were going to chip in with some decisive insght at the end there, not leave it
    with ‘we leave it to you to decide’.

    • bobbenedetti says:

      Thank you for reading my blog. I hope you will come back often.
      Unfortunately there isn’t much insight to be added here..The message of the item is BES operators should be aware of the problem and apply the patches and the last paragraph is just a reminder that we should always be careful about email we open no matter what the platform.

  3. Great blog! I truly love the way it? s quick on my eyes also as the information are well written. I am questioning how i could be notified every time a brand new post has been made. I’ve subscribed to your rss feed which want to accomplish the trick! Have a good day!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s