August 12, 2011, 10:20AM

Severe Remote Flaw Fixed in BlackBerry Enterprise Server

There are remotely and easily exploitable vulnerabilities in the BlackBerry Enterprise Server that could allow an attacker to gain access to the server by simply sending a malicious image file to a user's BlackBerry device.

The vulnerabilities are in several versions of BES for Exchange, Lotus Domino and Novell GroupWise, and Research in Motion said that an attacker who is able to exploit one of the bugs might also be able to move from the compromised BES server to other parts of the network. The company has issued a patch for the BES flaws and says that they are at the top of the severity scale in terms of exploitability.

The vulnerability in both the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent is related to the way that the components handle PNG and TIFF image files. Exploiting the vulnerabilities can be as easy as sending a malicious PNG or TIFF file to a BlackBerry user. In some scenarios, the user wouldn't even need to open the email or click on a link in order to complete the attack.

"Successful exploitation of any of these vulnerabilities might allow an attacker to gain access to and execute code on the BlackBerry Enterprise Server. Depending on the privileges available to the configured BlackBerry Enterprise Server service account, the attacker might also be able to extend access to other non-segmented parts of the network," RIM said in its advisory.

"To exploit these vulnerabilities in how the BlackBerry MDS Connection Service processes PNG and TIFF images, an attacker would need to create a specially crafted web page and then persuade the BlackBerry smartphone user to click a link to that web page. The attacker could provide the link to the user in an email or instant message.

"To exploit these vulnerabilities in how the BlackBerry Messaging Agent processes PNG and TIFF images, an attacker would need to embed specially crafted PNG and TIFF images in an email message and send the message to the BlackBerry smartphone user. The user does not need to click a link or an image, or view the email message, for the attack to succeed in this scenario."

BlackBerry Enterprise Server is the back-end software that enterprises use to manage their deployments of BlackBerry devices.


Comments

Hmm, when is the update to fix the flaw coming????

The fix was released on the very day this article was published, August 9.

It's all here: http://www.blackberry.com/btsc/kb27244

...or better yet, deface the corporate webpage with the modified .TIFF or .PNG.  Voila, wide coverage.
