Research in Motion, the maker of the BlackBerry devices and software, has released a patch for a flaw in its BlackBerry Enterprise Server software that could enable an attacker to execute arbitrary code on an affected server.
The vulnerability in the BES software specifically lies in the PDF distiller piece of the BlackBerry Attachment service. The buffer overflow vulnerability affects the way that the software handles attachments and could result in either the service crashing or in remote code execution.
“Successful exploitation of this vulnerability requires a malicious
individual to persuade a BlackBerry smartphone user to open a specially
crafted PDF file on a BlackBerry smartphone that is associated with a
user account on a BlackBerry Enterprise Server. The PDF file may be
attached to an email message or the BlackBerry smartphone user may
retrieve it from a web site using the BlackBerry Browser,” RIM said in its advisory.
RIM said that the bug affects a number of versions of BES, including:
- BlackBerry Enterprise Server Express version 5.0.1 and 5.0.2 for Microsoft Exchange
- BlackBerry Enterprise Server Express version 5.0.2 for IBM Lotus Domino
- BlackBerry Enterprise Server versions 4.1.3 through 5.0.2 for Microsoft Exchange and IBM Lotus Domino
- BlackBerry Enterprise Server versions 4.1.3 through 5.0.1 for Novell GroupWise
- BlackBerry Professional Software version 4.1.4 for Microsoft Exchange and IBM Lotus Domino
BlackBerry Enterprise Server is the back-end software that organizations use to run their BlackBerry phone deployments. It coordinates the synchronization of messaging, calendar and contact entries between a corporate network and the BlackBerry devices. The bug in BES does not directly affect BlackBerry devices, the company said.
RIM issued fixes for all of the affected versions and also published a workaround for administrators who can’t apply the patch immediately for whatever reason. The company said that customers could address the issue by removing PDFs from the list of file types that the BlackBerry Attachment Service handles and then preventing the PDF distiller service from running.