ESB-2011.0028 - [Win] RIM: Execute arbitrary code/commands - Remote/unauthenticated

Date: 12 January 2011

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2011.0028
           Vulnerability in the PDF distiller of the BlackBerry
          Attachment Service for the BlackBerry Enterprise Server
                              12 January 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           BlackBerry Enterprise Server
                   BlackBerry Professional Software
Publisher:         RIM
Operating System:  Windows Server 2008
                   Windows Server 2003
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2010-2604  

Original Bulletin: 
   http://blackberry.com/btsc/KB25382

- --------------------------BEGIN INCLUDED TEXT--------------------

Vulnerability in the PDF distiller of the BlackBerry Attachment Service for
the BlackBerry Enterprise Server

   Article ID: KB25382
   Type:   Security Advisory
   First Published: 01-11-2011
   Last Modified:   01-11-2011

   Product(s) Affected:
     * BlackBerry® Enterprise Server Express for IBM® Lotus® Domino®
     * BlackBerry® Enterprise Server Express for Microsoft® Exchange
     * BlackBerry® Enterprise Server for IBM® Lotus® Domino®
     * BlackBerry® Enterprise Server for Microsoft® Exchange
     * BlackBerry® Enterprise Server for Novell® GroupWise®
     * BlackBerry® Professional Software

   Products

   Affected Software

   This issue affects the BlackBerry® Attachment Service component of the
   following software versions:

     * BlackBerry Enterprise Server Express version 5.0.1 and 5.0.2 for
       Microsoft Exchange
     * BlackBerry Enterprise Server Express version 5.0.2 for IBM Lotus
       Domino
     * BlackBerry Enterprise Server versions 4.1.3 through 5.0.2 for
       Microsoft Exchange and IBM Lotus Domino
     * BlackBerry Enterprise Server versions 4.1.3 through 5.0.1 for
       Novell GroupWise
     * BlackBerry® Professional Software version 4.1.4 for Microsoft
       Exchange and IBM Lotus Domino

   Non-Affected Software

     * BlackBerry® Device Software
     * BlackBerry® Desktop Software
     * BlackBerry® Internet Service

   Issue Severity

   This vulnerability has a Common Vulnerability Scoring System (CVSS)
   base score of 9.3.

   Overview

   This advisory describes a security issue that the BlackBerry
   Attachment Service component of the BlackBerry Enterprise Server is
   susceptible to. The issue relates to a known vulnerability in the PDF
   distiller component of the BlackBerry Attachment Service that affects
   how the BlackBerry Attachment Service processes PDF files.
 
   Who should read this advisory

     BlackBerry Enterprise Server administrators

   Who should apply the software fix(es)

     BlackBerry Enterprise Server administrators

   Recommendation

   Complete the resolution actions documented in this advisory.

   As a mobile device best practice, RIM recommends that users exercise
   caution when receiving email messages from untrusted sources, and
   opening files at the direction of untrusted sources.

   References

   CVE® Identifier: CVE-2010-2604

   Related BlackBerry security advisories: KB15766, KB17118,
   KB17953, KB18327, KB19860, KB24547, KB24761

   The Interim Security Update referenced in this advisory contains a
   resolution for the new vulnerability described above as well as the
   issues addressed by the previous advisories listed. This is not a
   reissue of a previous security update, but a cumulative fix addressing
   a new issue and the previously addressed issues. Please see the
   earlier advisories for descriptions of those issues.

   Problem

   The vulnerability could allow a malicious individual to cause buffer
   overflow errors, which may result in arbitrary code execution on the
   computer that hosts the BlackBerry Attachment Service. While code
   execution is possible, an attack is more likely to result in the PDF
   rendering process terminating before it completes. In the event of
   such an unexpected process termination, the PDF rendering process will
   restart automatically but will not resume processing the same PDF
   file.

   Successful exploitation of this vulnerability requires a malicious
   individual to persuade a BlackBerry smartphone user to open a
   specially crafted PDF file on a BlackBerry smartphone that is
   associated with a user account on a BlackBerry Enterprise Server. The
   PDF file may be attached to an email message or the BlackBerry
   smartphone user may retrieve it from a web site using the BlackBerry
   Browser.

   Resolution

   RIM has issued the following releases and interim security software
   updates that resolve the vulnerabilities in affected versions of the
   BlackBerry Enterprise Server.

   For BlackBerry Enterprise Server Express version 5.0.2 for Microsoft
   Exchange and IBM Lotus Domino

     * Visit http://www.blackberry.com/go/serverdownloads to obtain
       Interim Security Software Update for January 11, 2011 for
       BlackBerry Enterprise Server Express version 5.0.2.

   For BlackBerry Enterprise Server Express version 5.0.1 for Microsoft
   Exchange

     * Visit http://www.blackberry.com/go/serverdownloads to obtain
       Interim Security Software Update for January 11, 2011 for
       BlackBerry Enterprise Server Express version 5.0.1.

   For BlackBerry Enterprise Server version 5.0.2 for Microsoft Exchange and
   IBM Lotus Domino

     * Visit http://www.blackberry.com/go/serverdownloads to obtain
       Interim Security Software Update for January 11, 2011 for
       BlackBerry Enterprise Server software version 5.0.2.

   For BlackBerry Enterprise Server version 5.0.1 for Microsoft Exchange, IBM
   Lotus Domino, and Novell GroupWise

     * Visit http://www.blackberry.com/go/serverdownloads to obtain
       Interim Security Software Update for January 11, 2011 for
       BlackBerry Enterprise Server software version 5.0.1.

   For BlackBerry Enterprise Server version 5.0.0 for Microsoft Exchange and
   IBM Lotus Domino

     * Visit http://www.blackberry.com/go/serverdownloads to obtain
       Interim Security Software Update for January 11, 2011 for
       BlackBerry Enterprise Server software version 5.0.0.

   For BlackBerry Enterprise Server version 4.1.7 for Microsoft Exchange, IBM
   Lotus Domino, and Novell GroupWise

     * Visit http://www.blackberry.com/go/serverdownloads to obtain
       Interim Security Software Update for January 11, 2011 for
       BlackBerry Enterprise Server software version 4.1.7.

   For BlackBerry Enterprise Server version 4.1.6 for Microsoft Exchange, IBM
   Lotus Domino, and Novell GroupWise

     * Visit http://www.blackberry.com/go/serverdownloads to obtain
       Interim Security Update for January 11, 2011 for BlackBerry
       Enterprise Server software version 4.1.6.

   If you are using a software version that is not listed above, update
   to one of the listed versions before applying the interim security
   software update, or refer to the Workaround section of this advisory.

   Workaround

   Prevent the BlackBerry Attachment Service from processing PDF files in a
   BlackBerry Enterprise Server environment

   The administrator can prevent the BlackBerry Attachment Service from
   processing PDF files by editing the list of file format extensions
   that the BlackBerry Attachment Service opens, and then preventing the
   PDF attachment distiller from running on the BlackBerry Attachment
   Service.

   Step 1: To remove the PDF file extension from the list of supported
   file format extensions, complete the following actions:

   For BlackBerry Enterprise Server versions earlier than 5.0, and BlackBerry
   Professional Software

    1. From the Windows Desktop, open the BlackBerry Server Configuration
       tool.
    2. Click the Attachment Server tab.
    3. In the Format Extensions field, delete pdf: from the
       colon-delimited list of extensions.
    4. Click Apply.
    5. Click OK.

   For BlackBerry Enterprise Server version 5.0 or later and BlackBerry
   Enterprise Server Express version 5.0.2

    1. In the BlackBerry Administration Service, on the Servers and
       components menu, expand BlackBerry Solution topology > BlackBerry
       Domain > Component view > Attachment > Connector.
    2. Click the BlackBerry Attachment Connector instance that is
       associated with the BlackBerry Attachment Service that you want to
       change.
    3. In the Support Attachment Server instances tab, click Edit
       instance.
    4. Click the Edit icon.
    5. Click the Delete icon for the PDF extension.
    6. Click Save all.

   Step 2: Removing the extension on its own is not sufficient. Until the
   administrator prevents the PDF attachment distiller from running, the
   BlackBerry Attachment Service still detects a PDF file whose extension
   has been renamed (in other words, a file whose extension is not .pdf but
   whose content is a PDF) and attempts to process the file automatically.
   To prevent the PDF attachment distiller from running, complete the
   following actions:

   For BlackBerry Enterprise Server versions earlier than 5.0, BlackBerry
   Enterprise Server Express, and BlackBerry Professional Software

    1. On the Windows Desktop, open the BlackBerry Server Configuration
       tool.
    2. Click the Attachment Server tab.
    3. In the Configuration Option drop-down list, select Attachment
       Server.
    4. In the Distiller Settings section, next to the distiller name
       Adobe PDF, clear the check box in the Enabled column.
    5. Click Apply.
    6. Click OK.
    7. On the Windows Desktop, in Administrative Tools, open Services.
    8. Right-click BlackBerry Attachment Service and click Stop.
    9. Right-click BlackBerry Attachment Service and click Start.
   10. Close Services.

   For BlackBerry Enterprise Server version 5.0 or later

    1. In the BlackBerry Administration Service, on the Servers and
       components menu, expand BlackBerry Solution topology > BlackBerry
       Domain > Component view > Attachment > Server.
    2. Click the instance that you want to change.
    3. Click Edit instance.
    4. In the Distiller section, in the Allowed column, specify which
       distillers are supported for the instance, leaving the PDF
       distiller not allowed.
    5. Click Save.
    6. Restart the BlackBerry Attachment Service.

   For all versions

   In Microsoft Exchange and Novell GroupWise environments, complete the
   following additional steps:
    1. On the Windows Desktop, in Administrative Tools, open Services.
    2. Right-click BlackBerry Dispatcher and click Stop.
    3. Right-click BlackBerry Dispatcher and click Start.
    4. Close Services.

   Note: Restarting BlackBerry Enterprise Server services might delay
   message delivery to BlackBerry devices. For more information, see
   KB04789.

   In IBM Lotus Domino environments, complete the following additional steps:

   For BlackBerry Enterprise Server versions earlier than 5.0

    1. Open the Lotus Domino Administrator.
    2. Click the Server tab.
    3. Click the Status tab.
    4. Click Server Console.
    5. In the Domino Command field, type tell BES quit and press ENTER.
    6. In the Domino Command field, type load BES and press ENTER.
    7. Close the Lotus Domino Administrator.

   For BlackBerry Enterprise Server version 5.0 or later

   Note: The administrator should not use the IBM Lotus Domino console to
   stop and start the BlackBerry Messaging Agent. If the administrator
   uses the IBM Lotus Domino console, the BlackBerry Messaging Agent
   libraries might not load properly and, if the administrator configures
   high availability, the BlackBerry Messaging Agent might not start
   correctly as the primary or standby instance.

    1. Stop and start the BlackBerry Controller service and BlackBerry
       Dispatcher service in the Windows Services, or stop and start the
       BlackBerry Enterprise Server in the BlackBerry Administration
       Service.

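The following is an added example, not code from RIM or from the advisory,
that models the two gates described in the Workaround section (the extension
list edited in Step 1 and the distiller setting changed in Step 2) and shows
why the Problem section's renamed-PDF case matters: the Attachment Service
selects the PDF distiller by file content, so an extension blocklist is not a
trust boundary. The extension list "doc:xls:pdf:ppt:" and the minimal PDF
bytes are constructed samples, not the real BlackBerry Enterprise Server
defaults, and the dispatch logic in attachment_is_processed is a simplified
model of what the advisory states, not RIM's actual implementation.

```python
# Added example: models the Step 1 / Step 2 gates from the advisory's
# workaround. Sample data and the dispatch model are assumptions, not RIM code.

PDF_SIGNATURE = b"%PDF-"

# Constructed sample: a minimal PDF body, not an attachment from any real case.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)


def remove_extension(format_list: str, ext: str) -> str:
    """Step 1: drop one extension from a colon-delimited list such as
    "doc:xls:pdf:ppt:" (constructed sample). Matching is case-insensitive,
    order of the remaining entries is preserved, and a trailing colon is
    kept if the original list had one, matching the "delete pdf:" wording."""
    target = ext.lower().lstrip(".")
    trailing = format_list.endswith(":")
    entries = [e for e in format_list.split(":") if e]
    kept = [e for e in entries if e.lower() != target]
    result = ":".join(kept)
    if trailing and kept:
        result += ":"
    return result


def looks_like_pdf(data: bytes, scan_window: int = 1024) -> bool:
    """Content check: a PDF is identified by its "%PDF-" header, not by its
    filename. The header is searched within the first scan_window bytes
    because some producers prepend data before it, and PDF readers accept
    that."""
    return PDF_SIGNATURE in data[:scan_window]


def attachment_is_processed(filename: str, data: bytes,
                            format_list: str,
                            pdf_distiller_enabled: bool) -> bool:
    """Simplified model (an assumption, not RIM's dispatch logic) of the two
    gates in the workaround. Returns True when the Attachment Service would
    still process the attachment.

    PDF content: the advisory states a renamed PDF is still detected and
    processed until the distiller is disabled, so only the distiller
    setting (Step 2) decides. Other content: the extension list (Step 1)
    decides."""
    if looks_like_pdf(data):
        return pdf_distiller_enabled
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    allowed = {e.lower() for e in format_list.split(":") if e}
    return ext in allowed


if __name__ == "__main__":
    # Walk through the advisory's scenarios with the constructed samples.
    fmt_after_step1 = remove_extension("doc:xls:pdf:ppt:", "pdf")
    cases = [
        ("report.pdf", True),    # Step 1 only, honest extension
        ("report.txt", True),    # Step 1 only, renamed PDF: still processed
        ("report.txt", False),   # Step 1 + Step 2: blocked
    ]
    for name, enabled in cases:
        processed = attachment_is_processed(name, SAMPLE_PDF,
                                            fmt_after_step1, enabled)
        state = "enabled" if enabled else "disabled"
        print(f"{name:12s} distiller {state:8s} -> "
              f"{'processed' if processed else 'blocked'}")
```

The point the model makes explicit is the one the advisory buries in Step 2:
after Step 1 alone, a PDF delivered as report.txt still reaches the
distiller, so an administrator who only edits the extension list has not
closed the attack path described in the Problem section. In a real
environment the equivalent check is to confirm the Adobe PDF distiller is
disabled on every Attachment Service instance and that the service has been
restarted, not merely that "pdf" is absent from the extension list.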
Disclaimer

   By downloading, accessing or otherwise using the Knowledge Base
   documents you agree:

      (a) that the terms of use for the documents found at
   www.blackberry.com/legal/knowledgebase apply to your use or
   reference to these documents; and

      (b) not to copy, distribute, disclose or reproduce, in full or in
   part any of the documents without the express written consent of RIM.

   Visit the BlackBerry Technical Solution Center at
   www.blackberry.com/btsc.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://www.auscert.org.au/1967

iD8DBQFNLQ7x/iFOrG6YcBERAvENAJ9fa7e2Mdy/0Vu9sb0MtUgFX1EKYACcDcqw
uby5/Z3mcPto2x8OfTeyBi4=
=5VA7
-----END PGP SIGNATURE-----