|
 |
|
BlackBerry Enterprise Server Multiple Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA18277
|
|
|
Release Date:
|
2006-01-02
|
|
Last Update:
|
2006-08-22
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Partial Fix
|
|
| Software: | BlackBerry Enterprise Server for Domino 2.x
BlackBerry Enterprise Server for Domino 4.x
BlackBerry Enterprise Server for Exchange 3.x
BlackBerry Enterprise Server for Exchange 4.x
BlackBerry Enterprise Server for Novell GroupWise 4.x
|
| | CVE reference: | CVE-2005-2341 (Secunia mirror)
CVE-2005-2342 (Secunia mirror)
CVE-2006-0761 (Secunia mirror)
|
|
|
|
|
|
Description:
Some vulnerabilities have been reported in BlackBerry Enterprise Server, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system.
1) A boundary error exists in the Attachment Service in the handling of malformed TIFF image attachments. This can be exploited to cause a heap-based buffer overflow that causes the service to stop responding to view-attachment requests from BlackBerry users.
The vulnerability has been reported in BlackBerry Enterprise Server version 4.0 and later.
2) An error exists in the handling of Server Routing Protocol (SRP) packets. This can be exploited to disrupt the communication between BlackBerry Enterprise Server and BlackBerry Router, potentially causing a DoS.
Successful exploitation requires that the attacker is able to connect to the BlackBerry Server/Router via port 3101/tcp.
The vulnerability has been reported in BlackBerry Enterprise Server version 4.0 and later.
3) A boundary error exists in the Attachment Service in the handling of malformed Microsoft Word (.doc) file attachments. This can be exploited to cause a buffer overflow and allows arbitrary code execution on the BlackBerry Attachment Service component of the BlackBerry Enterprise Server.
The vulnerability has been reported in following products:
* BlackBerry Enterprise Server 2.2 and later for IBM Lotus Domino
* BlackBerry Enterprise Server 3.6 and later for Microsoft Exchange
* BlackBerry Enterprise Server 4.0 and later for Novell GroupWise
Solution:
Apply hotfix.
BlackBerry Enterprise Server 2.2 for IBM Lotus Domino:
A software upgrade will reportedly be released as soon as testing is complete.
BlackBerry Enterprise Server 4.0 for IBM Lotus Domino (requires Service Pack 3):
Install Service Pack 3 Hotfix 4.
BlackBerry Enterprise Server 3.6 for Microsoft Exchange:
Install Service Pack 7.
BlackBerry Enterprise Server 4.0 for Microsoft Exchange (requires Service Pack 3):
Install Service Pack 3 Hotfix 3.
BlackBerry Enterprise Server 4.0 for Novell GroupWise (requires Service Pack 3):
Install Service Pack 3 Hotfix 1.
Note: The vendor recommends that the BlackBerry Enterprise Server and the BlackBerry Router should be placed behind the firewall in a trusted network segment as a workaround for vulnerability #2.
Refer to the vendor's original advisory for specific instructions.
Provided and/or discovered by:
1-2) FX, Phenoelit.
3) Reported by vendor.
Changelog:
2006-01-23: Vendor released hotfix and reported additional vulnerability. Updated "Description", "Solution", credit, and "Original Advisory" sections.
2006-02-13: Updated "Solution" section.
2006-02-23: Added CVE reference.
2006-08-22: Added link to US-CERT.
Original Advisory:
http://www.blackberry.com/knowledgece.../728075/728850/728215/?nodeid=1167898
http://www.blackberry.com/knowledgece.../728075/728850/728215/?nodeid=1167895
http://www.blackberry.com/knowledgece.../728075/728850/728215/?nodeid=1181753
http://www.blackberry.com/knowledgece...88526/1166533/1180282/?nodeid=1180211
http://www.blackberry.com/knowledgece...29294/1122673/1145865/?nodeid=1180274
http://www.blackberry.com/knowledgece...29011/1139744/1145864/?nodeid=1180131
Other References:
US-CERT VU#392920:
http://www.kb.cert.org/vuls/id/392920
US-CERT VU#520718:
http://www.kb.cert.org/vuls/id/520718
US-CERT VU#570768:
http://www.kb.cert.org/vuls/id/570768
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
5 Related Secunia Security Advisories
|
|
|
1. BlackBerry Enterprise Server PDF Processing Vulnerability
|
|
2. Blackberry Enterprise Server for Domino Denial of Service
|
|
3. BlackBerry Enterprise Server PNG File Handling Vulnerability
|
|
4. BlackBerry Enterprise Server Mobile Data Service Denial of Service
|
|
5. BlackBerry Enterprise Server Multiple Vulnerabilities
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
