Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2013.0200
Vulnerabilities in BlackBerry Enterprise Server components
that process images could allow remote code execution
14 February 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: BlackBerry Enterprise Server
Publisher: Blackberry
Operating System: Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2012-4447 CVE-2012-2088
Original Bulletin:
http://www.blackberry.com/btsc/KB33425
- --------------------------BEGIN INCLUDED TEXT--------------------
BSRT-2013-003 Vulnerabilities in BlackBerry Enterprise Server components that
process images could allow remote code execution
Article ID: KB33425
Type: Security Advisory
First Published: 02-12-2013
Last Modified: 02-12-2013
Products
Affected Software
BlackBerry Enterprise Server Express version 5.0.4 and earlier for
Microsoft Exchange and IBM Lotus Domino
BlackBerry Enterprise Server version 5.0.4 and earlier for Microsoft
Exchange, IBM Lotus Domino and Novell Groupwise
Issue Severity
These vulnerabilities have a Common Vulnerability Scoring System (CVSS) score
of 10.0 (high severity).
Overview
Vulnerabilities exist in components of the BlackBerry Enterprise Server that
process TIFF images for rendering on the BlackBerry smartphone. The BlackBerry
Mobile Data System - Connection Service component processes images on web
pages that the BlackBerry Browser requests. The BlackBerry Messaging Agent
component processes images in email messages. The BlackBerry Collaboration
Service processes images in instant messages sent between your organization's
instant messaging server, its BlackBerry Enterprise Server, and devices that
are using public APIs, a Research In Motion proprietary protocol, and
protocols specified by supported integrated collaboration clients.
RIM is not aware of any attacks on or specifically targeting BlackBerry
Enterprise Server customers, and recommends that affected customers update to
the latest available software version to be fully protected from these
vulnerabilities.
Problem
Vulnerabilities exist in how the BlackBerry MDS Connection Service and the
BlackBerry Messaging Agent process TIFF images for rendering on the BlackBerry
smartphone. Successful exploitation of any of these vulnerabilities might
allow an attacker to gain access to and execute code on the BlackBerry
Enterprise Server. Depending on the privileges available to the configured
BlackBerry Enterprise Server service account, the attacker might also be able
to extend access to other non-segmented parts of the network.
To exploit these vulnerabilities in how the BlackBerry MDS Connection Service
processes TIFF images, an attacker would need to create a specially crafted
web page and then persuade the BlackBerry smartphone user to click a link to
that web page. The attacker could provide the link to the user in an email or
instant message.
To exploit these vulnerabilities in how the BlackBerry Messaging Agent or the
BlackBerry Collaboration Service processes TIFF images, an attacker would need
to embed specially crafted TIFF image in an email message or enterprise
instant message and send the message to the BlackBerry smartphone user. The
user does not need to click a link or an image, or view the email message or
instant message for the attack to succeed in this scenario. CollapseImpact
These vulnerabilities could allow an attacker to execute arbitrary code using
the privileges of the BlackBerry Enterprise Server login account.
Resolution
RIM has issued BlackBerry Enterprise Server version 5.0.4 MR2 and an interim
security update to BlackBerry Enterprise Server Express version 5.0.4 which
resolves these vulnerabilities in all affected supported versions of the
BlackBerry Enterprise Server and BlackBerry Enterprise Server Express. Update
your BlackBerry Enterprise Server or BlackBerry Enterprise Server Express to
5.0.4 MR2 or later to be protected from these vulnerabilities. This update
replaces the installed image.dll file that the affected components use with an
image.dll file that is not affected by the vulnerabilities.
If you are using a software version that is not listed below, update to one of
the listed versions before applying the security software update or
Maintenance Release. Visit the Software Support Lifecycle site for information
about product support timelines.
Important: You must install the applicable security software update or MR for
your software version on any computer that hosts a BlackBerry MDS Connection
Service or BlackBerry Messaging Agent instance.
For BlackBerry Enterprise Server Express versions 5.0.2 through 5.0.4 for
Microsoft Exchange and IBM Lotus Domino
Visit http://www.blackberry.com/go/serverdownloads to obtain the
interim security update for BlackBerry Enterprise Server Express.
For BlackBerry Enterprise Server versions 5.0.2 through 5.0.4 for Microsoft
Exchange and IBM Lotus Domino
Visit http://www.blackberry.com/go/serverdownloads to obtain BlackBerry
Enterprise Server version 5.0.4 MR2.
For BlackBerry Enterprise Server versions 5.0.1 and 5.0.4 for Novell Groupwise
Visit http://www.blackberry.com/go/serverdownloads to obtain BlackBerry
Enterprise Server version 5.0.4 MR2.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBURw5qO4yVqjM2NGpAQL+0g//eJBKsfGrfL/263I3tUsLILtwm1NPsIUZ
e0AE0q75YBY1Ecqtx6TnX4j40V7ZC2cC6RUL4wuLK+uD3u2+Ize2xDTJiJjqd6me
vEQvr+68LvtG2ZxTiy5+LwfxCJtpsDsiQvnLxgsxtAlWZVzcCm482qSE227tpFfF
LYxfgZyr6t+JTPYkrF+8M9K0IaZYMl1w7ehMNqcUzDqbeDzPiIx8RoRzLAP/uQqw
bgChmm2VaPcd8Z8lGGVO56JgHvUwldKsWWYIYYtGWhcyZmGBLDc4SoB92NwTlAo4
9gYMwCvBwGMqGSREMEt7X0hyjr5QReZIko9OBzKBd4RQE9+57EO1NBBTVz23tltv
6Es4P9efcesk39uw2xtzmrAYADsXx3qu2/SPfYV4xmS5sBCKMMGtCeqx3p9IGv3u
KvbHGiBxcr29WngvbWJsUENgWYx8Y5gZx5tpB9qNKEGK5ryml2bm9ZUTCGrbWYxW
ScJ+SiXb+Y3nQ8v0Kj7qgKJJWzItCDoKMNG32PxXqGmRGZFE6+knD/uaSfwfzK4r
RXcbOd2lAUk4r+T+y5r4H/A/CwgdYUw5zEDgfoc0PSkjhUvdUNTZmcWI7WxXLdTA
W9Pjh1VWa33hf+4h31UtExDlP+8x1wufjKoADO+ZKoV6o2rMPeA1BFMQYC/iBXKS
5TYYkkGr9pc=
=CaSL
-----END PGP SIGNATURE-----