MS-ISAC ADVISORY NUMBER:
2009-001
DATE(S) ISSUED:
1/13/2009
SUBJECT:
BlackBerry Attachment Service PDF Distiller File Parsing Vulnerability
OVERVIEW:
A vulnerability has been identified in the BlackBerry Attachment Service, a component of BlackBerry Enterprise Server and BlackBerry Unite! that processes email attachments for delivery to handsets. Exploitation occurs when a user opens or views a specially crafted PDF attachment on a BlackBerry handset, which causes the server-side BlackBerry Attachment Service to parse the file. The affected system is therefore the BlackBerry Enterprise Server or BlackBerry Unite! server, not the BlackBerry handset. Successful exploitation may result in an attacker gaining complete control of the affected server. Depending on the privileges associated with the service, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
SYSTEMS AFFECTED:
- Research In Motion BlackBerry Enterprise Server 4.1.3
- Research In Motion BlackBerry Enterprise Server 4.1.4
- Research In Motion BlackBerry Enterprise Server 4.1.5
- Research In Motion BlackBerry Enterprise Server 4.1.6
- Research In Motion BlackBerry Professional Software 4.1.4
- Research In Motion BlackBerry Unite! 1.0
- Research In Motion BlackBerry Unite! 1.0.1
- Research In Motion BlackBerry Unite! 1.0.1 bundle 36
RISK:
Government:
Large and medium government entities: High
Small government entities: High
Businesses:
Large and medium business entities: High
Small business entities: High
Home users: High
DESCRIPTION:
A file parsing vulnerability has been discovered in the way the PDF distiller component of some versions of the BlackBerry Attachment Service handles specially crafted PDF files. If a user opens a specially crafted PDF attachment on a handset, the attachment is passed to the PDF distiller on the server for processing, and the resulting parsing error may allow remote code execution on the BlackBerry server. Successful exploitation may result in an attacker gaining complete control of the affected server. Depending on the privileges associated with the service, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
RECOMMENDATIONS:
We recommend the following actions be taken:
- Apply the appropriate update to vulnerable systems immediately after appropriate testing.
- Until patches can be applied, consider removing PDF from the list of file formats supported by the BlackBerry Attachment Service, or preventing the PDF distiller component from running, so that PDF attachments are not parsed on the server.
- Do not open email attachments from unknown or untrusted sources.
- Apply the principle of Least Privilege to all services.
REFERENCES:
SecurityFocus:
http://www.securityfocus.com/bid/33224/
Blackberry:
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17118
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB17119
This cyber advisory was issued by the Multi-State Information Sharing and Analysis Center (MS-ISAC) and was intended for government entities. The information may or may not be applicable to the general public and accordingly, the MS-ISAC does not warrant its use for any specific purposes.
