A recent post on BlackBerry website highlights that vulnerabilities have been detected in the way the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent process TIFF images for rendering on the BlackBerry smartphone.
Armed with a Common Vulnerability Scoring System (CVSS) score of 10.0 (high severity), what makes these vulnerabilities a cause of worry is, if successful, it may allow an attacker to win access and then execute a code on the BlackBerry Enterprise Server. It doesn't end there. Based on the available priveleges to the configured BlackBerry Enterprise Server service account, the miscreant may even be able to extend his reach to other non-segmented parts of the network.
To exploit the vulnerabilities present in the way TIFF images are processed by BlackBerry MDS Connection Service, an attacker would have to make a special webpage – adept to convince a user to clock on the link to that webpage. The link in question would be given to the user by way of an email or instant message.
Provides interim security update
The post adds, “RIM is not aware of any attacks on or specifically targeting BlackBerry Enterprise Server customers, and recommends that affected customers update to the latest available software version to be fully protected from these vulnerabilities.”
What's more, to make good of these vulnerabilities in the way the BlackBerry Messaging Agent or the BlackBerry Collaboration Service processes TIFF images, the attacker would have to embed that questionable TIFF image in an email or enterprise instant message and send the message to the BlackBerry smartphone user. Shockingly, the user does not have to click a link or an image, or even view the mail or IM for the attack to go through.
The company, however, has issued BlackBerry Enterprise Server version 5.0.4 MR2, which it says fixes these holes and can be used for all affected supported versions of BlackBerry Enterprise Server. The company has also issued an interim security update that it states is verified with supported versions of BlackBerry Enterprise Server and BlackBerry Enterprise Server Express.
The interim security update essentially replaces the installed image.dll file, which the affected components use, with an image.dll file that is not affected by the vulnerabilities.
List of affected software:
- BlackBerry Enterprise Server Express version 5.0.4 and earlier for Microsoft Exchange and IBM Lotus Domino
- BlackBerry Enterprise Server version 5.0.4 and earlier for Microsoft Exchange, IBM Lotus Domino and Novell Groupwise
List of non-affected software:
- BlackBerry Device Software
- BlackBerry Desktop Software
- BlackBerry Enterprise Server version 5.0.4 MR1 and later for Microsoft Exchange, IBM Lotus Domino and Novell Groupwise
- BlackBerry Enterprise Server Express version 5.0.4 (interim security update) and later for Microsoft Exchange and IBM Lotus Domino
- BlackBerry Enterprise Service 10
Publish date: February 19, 2013 4:47 pm| Modified date: December 19, 2013 8:37 am