There are remotely and easily exploitable vulnerabilities in the BlackBerry Enterprise Server that could allow an attacker to gain access to the server by simply sending a malicious image file to a user’s BlackBerry device.
The vulnerabilities are in several version of BES for Exchange, Lotus Domino and Novell GroupWise, and Research in Motion said that an attacker who is able to exploit one of the bugs might also be able to move from the compromised BES server to other parts of the network. The company has issued a patch for the BES flaws and says that they are at the top of the severity scale in terms of exploitability.
The vulnerability in both the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent is related to the way that the components handle PNG and TIFF image files. Exploiting the vulnerabilities can be as easy as sending a malicious PNG or TIFF file to a BlackBerry user. In some scenarios, the user wouldn’t even need to open the email or click on a link in order to complete the attack.
“Successful exploitation of any of these vulnerabilities might allow
an attacker to gain access to and execute code on the BlackBerry
Enterprise Server. Depending on the privileges available to the
configured BlackBerry Enterprise Server service account, the attacker
might also be able to extend access to other non-segmented parts of the
network,” RIM said in its advisory.
“To exploit these vulnerabilities in how the BlackBerry MDS Connection
Service processes PNG and TIFF images, an attacker would need to create
a specially crafted web page and then persuade the BlackBerry
smartphone user to click a link to that web page. The attacker could
provide the link to the user in an email or instant message.
“To exploit these vulnerabilities in how the BlackBerry Messaging
Agent processes PNG and TIFF images, an attacker would need to embed
specially crafted PNG and TIFF images in an email message and send the
message to the BlackBerry smartphone user. The user does not need to
click a link or an image, or view the email message, for the attack to
succeed in this scenario.”
BlackBerry Enterprise Server is the back-end software that enterprises use to manage their deployments of BlackBerry devices.