Blackberry Vulnerability
February 2009
BlackBerry Attachment Service PDF Distiller File Parsing Vulnerability
OVERVIEW:
A vulnerability has been identified in the BlackBerry Attachment Service. BlackBerry Attachment Service is a component of "BlackBerry Enterprise Server" and " BlackBerry Unite! " that is used to process email attachments. Exploitation occurs when specially crafted PDF files are opened or viewed on the Blackberry handset and processed by the Blackberry Attachment Service. This affects the Blackberry Enterprise Server or Blackberry Unite!, and not the Blackberry handset. Successful exploitation may result in an attacker gaining complete control of the affected system. Depending on the privileges associated with the service, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
SYSTEMS AFFECTED:
· Research In Motion Blackberry Enterprise Server 4.1.3
· Research In Motion Blackberry Enterprise Server 4.1.4
· Research In Motion Blackberry Enterprise Server 4.1.5
· Research In Motion Blackberry Enterprise Server 4.1.6
· Research In Motion Blackberry Professional Software 4.1.4
· Research In Motion Blackberry Unite! 1.0
· Research In Motion Blackberry Unite! 1.0.1
· Research In Motion Blackberry Unite! 1.0.1 bundle 36
RISK:
Government:
* Large and medium government entities: High
* Small government entities: High
DESCRIPTION:
A file parsing vulnerability has been discovered in the way PDF distiller of some versions of BlackBerry Attachment Service handles specially crafted PDF files. If a user opens a specially crafted PDF attachment, it may result in remote code being run on the Blackberry server. Successful exploitation may result in an attacker gaining complete control of the affected system. Depending on the privileges associated with the service, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
RECOMMENDATIONS:
We recommend that all of the following actions be taken:
* Apply the appropriate update to vulnerable systems immediately after appropriate testing.
* Until patches can be applied, consider removing PDF files from the supported file format list, or prevent the PDF distiller component from running.
* Do not open email attachments from unknown or un-trusted sources.
* Apply the principle of Least Privilege to all services.
REFERENCES:
SecurityFocus:
http://www.securityfocus.com/bid/33224/
BlackBerry Attachment Service PDF Distiller File Parsing Vulnerability
OVERVIEW:
A vulnerability has been identified in the BlackBerry Attachment Service. BlackBerry Attachment Service is a component of "BlackBerry Enterprise Server" and " BlackBerry Unite! " that is used to process email attachments. Exploitation occurs when specially crafted PDF files are opened or viewed on the Blackberry handset and processed by the Blackberry Attachment Service. This affects the Blackberry Enterprise Server or Blackberry Unite!, and not the Blackberry handset. Successful exploitation may result in an attacker gaining complete control of the affected system. Depending on the privileges associated with the service, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
SYSTEMS AFFECTED:
· Research In Motion Blackberry Enterprise Server 4.1.3
· Research In Motion Blackberry Enterprise Server 4.1.4
· Research In Motion Blackberry Enterprise Server 4.1.5
· Research In Motion Blackberry Enterprise Server 4.1.6
· Research In Motion Blackberry Professional Software 4.1.4
· Research In Motion Blackberry Unite! 1.0
· Research In Motion Blackberry Unite! 1.0.1
· Research In Motion Blackberry Unite! 1.0.1 bundle 36
RISK:
Government:
* Large and medium government entities: High
* Small government entities: High
DESCRIPTION:
A file parsing vulnerability has been discovered in the way PDF distiller of some versions of BlackBerry Attachment Service handles specially crafted PDF files. If a user opens a specially crafted PDF attachment, it may result in remote code being run on the Blackberry server. Successful exploitation may result in an attacker gaining complete control of the affected system. Depending on the privileges associated with the service, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
RECOMMENDATIONS:
We recommend that all of the following actions be taken:
* Apply the appropriate update to vulnerable systems immediately after appropriate testing.
* Until patches can be applied, consider removing PDF files from the supported file format list, or prevent the PDF distiller component from running.
* Do not open email attachments from unknown or un-trusted sources.
* Apply the principle of Least Privilege to all services.
REFERENCES:
SecurityFocus:
http://www.securityfocus.com/bid/33224/
posted by arkietechs at 7:31 AM
0 Comments:
Post a Comment
<< Home