BlackBerry Enterprise Server Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence

BlackBerry Enterprise Server Multiple Vulnerabilities
Secunia Advisory:	SA18277	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2006-01-02
Last Update:	2006-08-22
Popularity:	15,309 views

Critical:	Highly critical
Impact:	DoS System access
Where:	From remote
Solution Status:	Partial Fix

Software:	BlackBerry Enterprise Server for Domino 2.x BlackBerry Enterprise Server for Domino 4.x BlackBerry Enterprise Server for Exchange 3.x BlackBerry Enterprise Server for Exchange 4.x BlackBerry Enterprise Server for Novell GroupWise 4.x

Subscribe:	Instant alerts on relevant vulnerabilities

CVE reference:	CVE-2005-2341 CVE-2005-2342 CVE-2006-0761

Description: Some vulnerabilities have been reported in BlackBerry Enterprise Server, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system. 1) A boundary error exists in the Attachment Service in the handling of malformed TIFF image attachments. This can be exploited to cause a heap-based buffer overflow that causes the service to stop responding to view-attachment requests from BlackBerry users. The vulnerability has been reported in BlackBerry Enterprise Server version 4.0 and later. 2) An error exists in the handling of Server Routing Protocol (SRP) packets. This can be exploited to disrupt the communication between BlackBerry Enterprise Server and BlackBerry Router, potentially causing a DoS. Successful exploitation requires that the attacker is able to connect to the BlackBerry Server/Router via port 3101/tcp. The vulnerability has been reported in BlackBerry Enterprise Server version 4.0 and later. 3) A boundary error exists in the Attachment Service in the handling of malformed Microsoft Word (.doc) file attachments. This can be exploited to cause a buffer overflow and allows arbitrary code execution on the BlackBerry Attachment Service component of the BlackBerry Enterprise Server. The vulnerability has been reported in following products: * BlackBerry Enterprise Server 2.2 and later for IBM Lotus Domino * BlackBerry Enterprise Server 3.6 and later for Microsoft Exchange * BlackBerry Enterprise Server 4.0 and later for Novell GroupWise Solution: Apply hotfix. BlackBerry Enterprise Server 2.2 for IBM Lotus Domino: A software upgrade will reportedly be released as soon as testing is complete. BlackBerry Enterprise Server 4.0 for IBM Lotus Domino (requires Service Pack 3): Install Service Pack 3 Hotfix 4. BlackBerry Enterprise Server 3.6 for Microsoft Exchange: Install Service Pack 7. BlackBerry Enterprise Server 4.0 for Microsoft Exchange (requires Service Pack 3): Install Service Pack 3 Hotfix 3. BlackBerry Enterprise Server 4.0 for Novell GroupWise (requires Service Pack 3): Install Service Pack 3 Hotfix 1. Note: The vendor recommends that the BlackBerry Enterprise Server and the BlackBerry Router should be placed behind the firewall in a trusted network segment as a workaround for vulnerability #2. Refer to the vendor's original advisory for specific instructions. Provided and/or discovered by: 1-2) FX, Phenoelit. 3) Reported by vendor. Changelog: 2006-01-23: Vendor released hotfix and reported additional vulnerability. Updated "Description", "Solution", credit, and "Original Advisory" sections. 2006-02-13: Updated "Solution" section. 2006-02-23: Added CVE reference. 2006-08-22: Added link to US-CERT. Original Advisory: http://www.blackberry.com/knowledgece.../728075/728850/728215/?nodeid=1167898 http://www.blackberry.com/knowledgece.../728075/728850/728215/?nodeid=1167895 http://www.blackberry.com/knowledgece.../728075/728850/728215/?nodeid=1181753 http://www.blackberry.com/knowledgece...88526/1166533/1180282/?nodeid=1180211 http://www.blackberry.com/knowledgece...29294/1122673/1145865/?nodeid=1180274 http://www.blackberry.com/knowledgece...29011/1139744/1145864/?nodeid=1180131 Other References: US-CERT VU#392920: http://www.kb.cert.org/vuls/id/392920 US-CERT VU#520718: http://www.kb.cert.org/vuls/id/520718 US-CERT VU#570768: http://www.kb.cert.org/vuls/id/570768

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

21st Nov, 2008

New advisories:	12
New vulnerabilities:	46
Updated advisories:	20

Highly // 812 views

Apple iPhone / iPod touch Multiple Vulnerabilities

Moderately // 421 views

vBulletin Visitor Messages Script Insertion Vulnerability

Less // 416 views

SemanticScuttle Cross-Site Scripting Vulnerabilities

Moderately // 412 views

Easyedit CMS Multiple SQL Injection Vulnerabilities

Highly // 419 views

Fedora update for thunderbird

Less // 456 views

IBM Workplace Web Content Management Cross-Site Scripting Vulnerabilities

Highly // 669 views

BitDefender Antivirus PDF Processing Memory Corruption Vulnerability

Moderately // 482 views

xt:Commerce SQL Injection Vulnerability

Less // 436 views

Softbiz Classifieds Script "msg" Cross-Site Scripting Vulnerability

Not // 619 views

Checkpoint VPN-1 Information Disclosure Vulnerability

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.