-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.0200
   Vulnerabilities in BlackBerry Enterprise Server components that process
                  images could allow remote code execution
                              14 February 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           BlackBerry Enterprise Server
Publisher:         BlackBerry
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-4447 CVE-2012-2088

Original Bulletin:
   http://www.blackberry.com/btsc/KB33425

- --------------------------BEGIN INCLUDED TEXT--------------------

BSRT-2013-003 Vulnerabilities in BlackBerry Enterprise Server components that
process images could allow remote code execution

Article ID:      KB33425
Type:            Security Advisory
First Published: 02-12-2013
Last Modified:   02-12-2013

Products Affected

Software
  BlackBerry Enterprise Server Express version 5.0.4 and earlier for Microsoft
  Exchange and IBM Lotus Domino
  BlackBerry Enterprise Server version 5.0.4 and earlier for Microsoft Exchange,
  IBM Lotus Domino and Novell Groupwise

Issue Severity

These vulnerabilities have a Common Vulnerability Scoring System (CVSS) score
of 10.0 (high severity).

Overview

Vulnerabilities exist in components of the BlackBerry Enterprise Server that
process TIFF images for rendering on the BlackBerry smartphone. The BlackBerry
Mobile Data System - Connection Service component processes images on web
pages that the BlackBerry Browser requests. The BlackBerry Messaging Agent
component processes images in email messages.
The BlackBerry Collaboration Service processes images in instant messages sent
between your organization's instant messaging server, its BlackBerry Enterprise
Server, and devices that are using public APIs, a Research In Motion
proprietary protocol, and protocols specified by supported integrated
collaboration clients.

RIM is not aware of any attacks on or specifically targeting BlackBerry
Enterprise Server customers, and recommends that affected customers update to
the latest available software version to be fully protected from these
vulnerabilities.

Problem

Vulnerabilities exist in how the BlackBerry MDS Connection Service and the
BlackBerry Messaging Agent process TIFF images for rendering on the BlackBerry
smartphone. Successful exploitation of any of these vulnerabilities might allow
an attacker to gain access to and execute code on the BlackBerry Enterprise
Server. Depending on the privileges available to the configured BlackBerry
Enterprise Server service account, the attacker might also be able to extend
access to other non-segmented parts of the network.

To exploit these vulnerabilities in how the BlackBerry MDS Connection Service
processes TIFF images, an attacker would need to create a specially crafted web
page and then persuade the BlackBerry smartphone user to click a link to that
web page. The attacker could provide the link to the user in an email or
instant message.

To exploit these vulnerabilities in how the BlackBerry Messaging Agent or the
BlackBerry Collaboration Service processes TIFF images, an attacker would need
to embed a specially crafted TIFF image in an email message or enterprise
instant message and send the message to the BlackBerry smartphone user. The
user does not need to click a link or an image, or view the email message or
instant message, for the attack to succeed in this scenario.
Impact

These vulnerabilities could allow an attacker to execute arbitrary code using
the privileges of the BlackBerry Enterprise Server login account.

Resolution

RIM has issued BlackBerry Enterprise Server version 5.0.4 MR2 and an interim
security update to BlackBerry Enterprise Server Express version 5.0.4 which
resolves these vulnerabilities in all affected supported versions of the
BlackBerry Enterprise Server and BlackBerry Enterprise Server Express. Update
your BlackBerry Enterprise Server or BlackBerry Enterprise Server Express to
5.0.4 MR2 or later to be protected from these vulnerabilities.

This update replaces the installed image.dll file that the affected components
use with an image.dll file that is not affected by the vulnerabilities.

If you are using a software version that is not listed below, update to one of
the listed versions before applying the security software update or
Maintenance Release. Visit the Software Support Lifecycle site for information
about product support timelines.

Important: You must install the applicable security software update or MR for
your software version on any computer that hosts a BlackBerry MDS Connection
Service or BlackBerry Messaging Agent instance.

For BlackBerry Enterprise Server Express versions 5.0.2 through 5.0.4 for
Microsoft Exchange and IBM Lotus Domino
  Visit http://www.blackberry.com/go/serverdownloads to obtain the interim
  security update for BlackBerry Enterprise Server Express.

For BlackBerry Enterprise Server versions 5.0.2 through 5.0.4 for Microsoft
Exchange and IBM Lotus Domino
  Visit http://www.blackberry.com/go/serverdownloads to obtain BlackBerry
  Enterprise Server version 5.0.4 MR2.

For BlackBerry Enterprise Server versions 5.0.1 and 5.0.4 for Novell Groupwise
  Visit http://www.blackberry.com/go/serverdownloads to obtain BlackBerry
  Enterprise Server version 5.0.4 MR2.
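The advisory above describes server-side components that parse TIFF images arriving in email, instant messages and browser traffic, and the fix is the vendor's replacement image.dll. A common defence-in-depth measure while such a patch is rolled out is to reject structurally malformed TIFF files at the mail gateway or proxy before any rendering component ever opens them. The following validator is an added example written for this bulletin; it is not RIM or AusCERT code and says nothing about the specific defects in image.dll (the advisory does not disclose them). It only checks the container structure defined by the TIFF 6.0 specification: byte-order mark, magic number, that every image file directory (IFD) and every out-of-line field value lies inside the file, that the IFD chain does not loop, and that entry and directory counts stay under constructed policy limits (MAX_IFD_ENTRIES, MAX_IFDS). The sample TIFF bytes are constructed inline by build_sample_tiff so the script runs offline.

```python
"""Structural sanity check for TIFF blobs before an image-processing
component sees them. Constructed example; not BlackBerry/RIM code."""
import struct

# Byte size of each field type defined by the TIFF 6.0 specification
# (BYTE, ASCII, SHORT, LONG, RATIONAL, SBYTE, UNDEFINED, SSHORT, SLONG,
# SRATIONAL, FLOAT, DOUBLE).
TIFF_TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1,
                   8: 2, 9: 4, 10: 8, 11: 4, 12: 8}
MAX_IFD_ENTRIES = 4096   # constructed policy limit, not a spec value
MAX_IFDS = 64            # constructed policy limit, not a spec value


class TiffValidationError(ValueError):
    """Raised when a blob is not a structurally sound TIFF file."""


def validate_tiff(data: bytes) -> dict:
    """Walk the header and IFD chain, bounds-checking every offset.

    Returns a small summary on success, raises TiffValidationError otherwise.
    This does not decode pixel data; it only proves the container is sane.
    """
    n = len(data)
    if n < 8:
        raise TiffValidationError("shorter than the 8-byte TIFF header")
    order = data[:2]
    if order == b"II":
        e = "<"                      # little-endian ("Intel")
    elif order == b"MM":
        e = ">"                      # big-endian ("Motorola")
    else:
        raise TiffValidationError("bad byte-order mark %r" % order)
    magic, ifd_off = struct.unpack(e + "HI", data[2:8])
    if magic != 42:
        raise TiffValidationError("bad magic number %d" % magic)

    seen = set()
    ifds = entries = 0
    while ifd_off != 0:              # offset 0 terminates the IFD chain
        if ifd_off in seen:
            raise TiffValidationError("IFD chain loops back to %d" % ifd_off)
        seen.add(ifd_off)
        if ifd_off + 2 > n:
            raise TiffValidationError("IFD offset %d beyond end of file" % ifd_off)
        (count,) = struct.unpack(e + "H", data[ifd_off:ifd_off + 2])
        if count == 0 or count > MAX_IFD_ENTRIES:
            raise TiffValidationError("implausible IFD entry count %d" % count)
        end = ifd_off + 2 + 12 * count + 4      # entries + next-IFD pointer
        if end > n:
            raise TiffValidationError("IFD truncated: needs %d bytes, have %d" % (end, n))
        for i in range(count):
            off = ifd_off + 2 + 12 * i
            tag, ftype, fcount = struct.unpack(e + "HHI", data[off:off + 8])
            size = TIFF_TYPE_SIZES.get(ftype)
            if size is None:
                raise TiffValidationError("tag %d has unknown type %d" % (tag, ftype))
            total = size * fcount
            if total > 4:            # value does not fit inline: it is an offset
                (voff,) = struct.unpack(e + "I", data[off + 8:off + 12])
                if voff + total > n:
                    raise TiffValidationError(
                        "tag %d value (%d bytes at %d) outside file" % (tag, total, voff))
            entries += 1
        (ifd_off,) = struct.unpack(e + "I", data[end - 4:end])
        ifds += 1
        if ifds > MAX_IFDS:
            raise TiffValidationError("more than %d IFDs" % MAX_IFDS)
    return {"byte_order": order.decode(), "ifds": ifds, "entries": entries}


def is_safe_tiff(data: bytes) -> bool:
    """Gateway-style yes/no decision wrapper around validate_tiff."""
    try:
        validate_tiff(data)
        return True
    except TiffValidationError:
        return False


def build_sample_tiff(byte_order="<", strip_value_offset=None, next_ifd=0):
    """Construct a tiny TIFF skeleton: header, one IFD with three entries,
    and an out-of-line StripOffsets array. The keyword knobs let a test
    corrupt the file on purpose (constructed data, not a real image)."""
    e = byte_order
    header = (b"II" if e == "<" else b"MM") + struct.pack(e + "HI", 42, 8)
    count = 3
    data_off = 8 + 2 + 12 * count + 4          # first byte after the IFD
    if strip_value_offset is None:
        strip_value_offset = data_off

    def entry(tag, ftype, fcount, value):
        return struct.pack(e + "HHI", tag, ftype, fcount) + value.ljust(4, b"\0")

    ifd = struct.pack(e + "H", count)
    ifd += entry(256, 3, 1, struct.pack(e + "H", 4))   # ImageWidth = 4
    ifd += entry(257, 3, 1, struct.pack(e + "H", 4))   # ImageLength = 4
    ifd += entry(273, 4, 2, struct.pack(e + "I", strip_value_offset))  # StripOffsets
    ifd += struct.pack(e + "I", next_ifd)
    strips = struct.pack(e + "II", data_off + 8, data_off + 12)
    return header + ifd + strips


if __name__ == "__main__":
    print(validate_tiff(build_sample_tiff()))
    print(is_safe_tiff(build_sample_tiff(strip_value_offset=0xFFFFFFF0)))
```

The check is deliberately conservative: any offset that leaves the file, any unknown field type and any IFD loop is a rejection, which is the right default for untrusted attachments. It is a filter in front of the renderer, not a replacement for the 5.0.4 MR2 update, because it cannot know which well-formed inputs the affected image.dll mishandles.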
- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you do
not know who that is, please send an email to auscert@auscert.org.au and we
will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBURw5qO4yVqjM2NGpAQL+0g//eJBKsfGrfL/263I3tUsLILtwm1NPsIUZ
e0AE0q75YBY1Ecqtx6TnX4j40V7ZC2cC6RUL4wuLK+uD3u2+Ize2xDTJiJjqd6me
vEQvr+68LvtG2ZxTiy5+LwfxCJtpsDsiQvnLxgsxtAlWZVzcCm482qSE227tpFfF
LYxfgZyr6t+JTPYkrF+8M9K0IaZYMl1w7ehMNqcUzDqbeDzPiIx8RoRzLAP/uQqw
bgChmm2VaPcd8Z8lGGVO56JgHvUwldKsWWYIYYtGWhcyZmGBLDc4SoB92NwTlAo4
9gYMwCvBwGMqGSREMEt7X0hyjr5QReZIko9OBzKBd4RQE9+57EO1NBBTVz23tltv
6Es4P9efcesk39uw2xtzmrAYADsXx3qu2/SPfYV4xmS5sBCKMMGtCeqx3p9IGv3u
KvbHGiBxcr29WngvbWJsUENgWYx8Y5gZx5tpB9qNKEGK5ryml2bm9ZUTCGrbWYxW
ScJ+SiXb+Y3nQ8v0Kj7qgKJJWzItCDoKMNG32PxXqGmRGZFE6+knD/uaSfwfzK4r
RXcbOd2lAUk4r+T+y5r4H/A/CwgdYUw5zEDgfoc0PSkjhUvdUNTZmcWI7WxXLdTA
W9Pjh1VWa33hf+4h31UtExDlP+8x1wufjKoADO+ZKoV6o2rMPeA1BFMQYC/iBXKS
5TYYkkGr9pc=
=CaSL
-----END PGP SIGNATURE-----