Description

Some vulnerabilities have been reported in BlackBerry Enterprise Server, which can be exploited by malicious users to cause a DoS (Denial of Service) or potentially bypass certain password restrictions.

It is possible to cause the server to consume 100% CPU resources in several minutes when handling extremely large ".pdf" documents.

There are also some errors in the handling of password-protected attachments. In some circumstances when multiple users receive an email with a password-protected attachment and a user enters a correct password, then other recipients will be able to view the attachment without supplying the password.

Furthermore, if a user receives an email with a password-protected attachment and supplies the correct password, then the user doesn't have to supply the password when receiving subsequent emails with the same attachment.

NOTE: Multiple other bugs have also been addressed and some may also be security related.

Solution
Apply BlackBerry Enterprise Server 3.6 Service Pack 1a for Microsoft Exchange:
Further details available in Customer Area

Changelog
Further details available in Customer Area

Original Advisory
http://www.blackberry.com/knowledgecenterpublic/livelink.exe/BlackBerry_Enterprise_Server_3.6_Service_Pack_1a_for_Microsoft_Exchange_Release_Notes?func=doc.Fetch&nodeId=348605&docTitle=BlackBerry+Enterprise+Server+3%2E6+Service+Pack+1a+for+Microsoft+Exchange+Release+Notes

Deep Links
Links available in Customer Area