RIM Issues Fix For Remote Bug in BlackBerry Enterprise Server

Research in Motion, the maker of the BlackBerry devices and software, has released a patch for a flaw in its BlackBerry Enterprise Server software that could enable an attacker to execute arbitrary code on an affected server.

The vulnerability in the BES software specifically lies in the PDF distiller piece of the BlackBerry Attachment service. The buffer overflow vulnerability affects the way that the software handles attachments and could result in either the service crashing or in remote code execution.
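The article describes the bug only as a buffer overflow in how the distiller handles attachments. The following is an added illustration of that bug class, not RIM's code and not the actual BES defect: it uses a constructed mini-format (a 4-byte little-endian declared length followed by the payload, in the spirit of a PDF stream's /Length entry) and shows the two checks a parser must make before trusting a length it read from the file. The names, error codes and sample inputs are all assumptions made for the example.

```c
/*
 * Added example, not code from RIM or the BES product. It models the bug
 * class the article names (a buffer overflow while parsing an attachment)
 * with a constructed format: a 4-byte little-endian "declared length"
 * followed by the payload. A parser that trusts the declared length can
 * over-read a short file or overflow its destination buffer; this one
 * validates the length against both before copying.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OUT_CAP 64   /* constructed destination buffer size */

/* Status codes returned by parse_attachment() (hypothetical names). */
enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_SHORT = -2, PARSE_OVERSIZED = -3 };

/* Reads the 4-byte header, validates the declared length, copies the payload.
 * On success *copied holds the number of payload bytes written to out. */
int parse_attachment(const uint8_t *msg, size_t msg_len,
                     uint8_t *out, size_t out_cap, size_t *copied)
{
    if (msg_len < 4)
        return PARSE_TOO_SHORT;                 /* no complete header present */

    uint32_t declared = (uint32_t)msg[0]
                      | ((uint32_t)msg[1] << 8)
                      | ((uint32_t)msg[2] << 16)
                      | ((uint32_t)msg[3] << 24);

    /* Check 1: the file must actually contain that many payload bytes.
     * Without it, a short file with a large declared length makes the copy
     * read past the end of the input. */
    if (declared > msg_len - 4)
        return PARSE_TRUNCATED;

    /* Check 2: the payload must fit the destination. Without it, a declared
     * length larger than the buffer writes past its end: the classic overflow. */
    if (declared > out_cap)
        return PARSE_OVERSIZED;

    memcpy(out, msg + 4, declared);
    *copied = declared;
    return PARSE_OK;
}

/* Parses into a fixed local buffer and returns only the status code. */
int classify(const uint8_t *msg, size_t msg_len)
{
    uint8_t out[OUT_CAP];
    size_t n = 0;
    return parse_attachment(msg, msg_len, out, sizeof out, &n);
}

/* Constructed sample inputs. */
static const uint8_t good[]      = { 5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t truncated[] = { 9, 0, 0, 0, 'h', 'i' };   /* claims 9 bytes, carries 2 */

/* Builds a well-formed input whose payload (128 bytes) exceeds OUT_CAP. */
int oversized_case(void)
{
    uint8_t msg[4 + 128];
    msg[0] = 128; msg[1] = 0; msg[2] = 0; msg[3] = 0;
    memset(msg + 4, 'A', 128);
    return classify(msg, sizeof msg);
}

int main(void)
{
    printf("good:      %d\n", classify(good, sizeof good));
    printf("truncated: %d\n", classify(truncated, sizeof truncated));
    printf("oversized: %d\n", oversized_case());
    printf("short:     %d\n", classify(good, 2));
    return 0;
}
```

The two rejections map onto the two outcomes the article lists: an over-read on a truncated file typically shows up as a crash of the service, while an unchecked write past the destination buffer is what turns a crash into potential code execution.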

“Successful exploitation of this vulnerability requires a malicious individual to persuade a BlackBerry smartphone user to open a specially crafted PDF file on a BlackBerry smartphone that is associated with a user account on a BlackBerry Enterprise Server. The PDF file may be attached to an email message or the BlackBerry smartphone user may retrieve it from a web site using the BlackBerry Browser,” RIM said in its advisory.

RIM said that the bug affects a number of versions of BES, including:

  • BlackBerry Enterprise Server Express version 5.0.1 and 5.0.2 for Microsoft Exchange
  • BlackBerry Enterprise Server Express version 5.0.2 for IBM Lotus Domino
  • BlackBerry Enterprise Server versions 4.1.3 through 5.0.2 for Microsoft Exchange and IBM Lotus Domino
  • BlackBerry Enterprise Server versions 4.1.3 through 5.0.1 for Novell GroupWise
  • BlackBerry Professional Software version 4.1.4 for Microsoft Exchange and IBM Lotus Domino

BlackBerry Enterprise Server is the back-end software that organizations use to run their BlackBerry phone deployments. It coordinates the synchronization of messaging, calendar and contact entries between a corporate network and the BlackBerry devices. The bug in BES does not directly affect BlackBerry devices, the company said.

RIM issued fixes for all of the affected versions and also published a workaround for administrators who can’t apply the patch immediately for whatever reason. The company said that customers could address the issue by removing PDFs from the list of file types that the BlackBerry Attachment Service handles and then preventing the PDF distiller service from running.

Discussion

  • 3 yr warranty on

    Poor RIM, nothing but trouble in their history.

    I'll give em this... PDF is an evil format. 

    Not only does it provide a perfect place for a trojan.... but

    Government loves to use it to hide things, obscure things. A TIF wrapped document has no searchable text for example. Toss such a document in a randomly named dir with no index and give it a randomly named filename, plant the whole thing in a dir structure so deep it won't get indexed, or be searchable, and you have the perfect place to dump corrupt financial reports. Why do I say this? Cause I've already been finding stuff exactly like described. Usually such cruft is on a Sharepoint server which is under maintenance (tm) or the staff is learning (tm) it. It's perfect plausible deniability. Can you OCR it? Sure, but that doesn't help you FIND it in the first place. Usually hidden when the timing for the legislation or whatever is involved makes it time sensitive. But also can be used to hide thousands or millions in skimmed money on financial records. Want to find a hidden mafia organization? Shine a light on the waste removal financial records. (You know your garbage cans?) You'll know you're on track when you can't find the document, it's on Sharepoint, in PDF format, no index, no search engine.