Secunia - Stay Secure
Home Corporate Website Jobs Updated Mailing Lists RSS Blog  Online Shop Advertise
Software Inspectors
  Scan Online
  Personal (PSI)
  Network (NSI 2.0)

Solutions For
  Security Professionals
  Security Vendors

Free Solutions For
  Open Communities
  Journalists & Media

Secunia Advisories
  Search
  Historic Advisories
  Listed By Product
  Listed By Vendor
  Statistics / Graphs
  Secunia Research
  Report Vulnerability
  About Advisories

Virus Information
  Chronological List
  Last 10 Virus Alerts
  About Virus Information

Secunia Customers
  Customer Area


BlackBerry Enterprise Server Multiple Vulnerabilities Advisory Available in Danish 

Secunia Advisory: SA18277  
Release Date: 2006-01-02
Last Update: 2006-08-22

Critical:
Highly critical
Impact: DoS
System access
Where: From remote
Solution Status: Partial Fix

Software:BlackBerry Enterprise Server for Domino 2.x
BlackBerry Enterprise Server for Domino 4.x
BlackBerry Enterprise Server for Exchange 3.x
BlackBerry Enterprise Server for Exchange 4.x
BlackBerry Enterprise Server for Novell GroupWise 4.x

CVE reference:CVE-2005-2341 (Secunia mirror)
CVE-2005-2342 (Secunia mirror)
CVE-2006-0761 (Secunia mirror)



Description:
Some vulnerabilities have been reported in BlackBerry Enterprise Server, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system.

1) A boundary error exists in the Attachment Service in the handling of malformed TIFF image attachments. This can be exploited to cause a heap-based buffer overflow that causes the service to stop responding to view-attachment requests from BlackBerry users.

The vulnerability has been reported in BlackBerry Enterprise Server version 4.0 and later.

2) An error exists in the handling of Server Routing Protocol (SRP) packets. This can be exploited to disrupt the communication between BlackBerry Enterprise Server and BlackBerry Router, potentially causing a DoS.

Successful exploitation requires that the attacker is able to connect to the BlackBerry Server/Router via port 3101/tcp.

The vulnerability has been reported in BlackBerry Enterprise Server version 4.0 and later.

3) A boundary error exists in the Attachment Service in the handling of malformed Microsoft Word (.doc) file attachments. This can be exploited to cause a buffer overflow and allows arbitrary code execution on the BlackBerry Attachment Service component of the BlackBerry Enterprise Server.

The vulnerability has been reported in following products:
* BlackBerry Enterprise Server 2.2 and later for IBM Lotus Domino
* BlackBerry Enterprise Server 3.6 and later for Microsoft Exchange
* BlackBerry Enterprise Server 4.0 and later for Novell GroupWise

Solution:
Apply hotfix.

BlackBerry Enterprise Server 2.2 for IBM Lotus Domino:
A software upgrade will reportedly be released as soon as testing is complete.

BlackBerry Enterprise Server 4.0 for IBM Lotus Domino (requires Service Pack 3):
Install Service Pack 3 Hotfix 4.

BlackBerry Enterprise Server 3.6 for Microsoft Exchange:
Install Service Pack 7.

BlackBerry Enterprise Server 4.0 for Microsoft Exchange (requires Service Pack 3):
Install Service Pack 3 Hotfix 3.

BlackBerry Enterprise Server 4.0 for Novell GroupWise (requires Service Pack 3):
Install Service Pack 3 Hotfix 1.


Note: The vendor recommends that the BlackBerry Enterprise Server and the BlackBerry Router should be placed behind the firewall in a trusted network segment as a workaround for vulnerability #2.

Refer to the vendor's original advisory for specific instructions.

Provided and/or discovered by:
1-2) FX, Phenoelit.
3) Reported by vendor.

Changelog:
2006-01-23: Vendor released hotfix and reported additional vulnerability. Updated "Description", "Solution", credit, and "Original Advisory" sections.
2006-02-13: Updated "Solution" section.
2006-02-23: Added CVE reference.
2006-08-22: Added link to US-CERT.

Original Advisory:
http://www.blackberry.com/knowledgece.../728075/728850/728215/?nodeid=1167898
http://www.blackberry.com/knowledgece.../728075/728850/728215/?nodeid=1167895
http://www.blackberry.com/knowledgece.../728075/728850/728215/?nodeid=1181753
http://www.blackberry.com/knowledgece...88526/1166533/1180282/?nodeid=1180211
http://www.blackberry.com/knowledgece...29294/1122673/1145865/?nodeid=1180274
http://www.blackberry.com/knowledgece...29011/1139744/1145864/?nodeid=1180131

Other References:
US-CERT VU#392920:
http://www.kb.cert.org/vuls/id/392920

US-CERT VU#520718:
http://www.kb.cert.org/vuls/id/520718

US-CERT VU#570768:
http://www.kb.cert.org/vuls/id/570768



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

5 Related Secunia Security Advisories

1. BlackBerry Enterprise Server PDF Processing Vulnerability
2. Blackberry Enterprise Server for Domino Denial of Service
3. BlackBerry Enterprise Server PNG File Handling Vulnerability
4. BlackBerry Enterprise Server Mobile Data Service Denial of Service
5. BlackBerry Enterprise Server Multiple Vulnerabilities


Send Feedback to Secunia

If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.








Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Do you think it's important to read Setup/User Guides for applications for use within your network?


See Results   


Most Popular Advisories

1.
HP TCP/IP Services for OpenVMS Finger Format String Vulnerability
2.
phpBB reveals user IPs
3.
Sun Solaris Kernel Covert Channel Security Bypass
4.
Blogn Cross-Site Scripting and Cross-Site Request Forgery
5.
GpsDrive "geo-code" Insecure Temporary Files
6.
geo-* Insecure Temporary Files
7.
Adium MSN SLP Message Integer Overflow Vulnerabilities
8.
Acoustica Mixcraft ".mx4" File Processing Buffer Overflow
9.
Novell eDirectory Multiple Vulnerabilities
10.
dotProject SQL Injection and Cross-Site Scripting





Vulnerability Management - Terms & Conditions - Copyright 2002-2008 Secunia - Compliance - Contact Secunia