MS-ISAC ADVISORY NUMBER:
2009-030

DATE(S) ISSUED:
5/28/2009

SUBJECT:
Multiple Vulnerabilities in BlackBerry Attachment Service Could Allow Remote Code Execution

OVERVIEW:

Multiple vulnerabilities have been discovered in the BlackBerry Attachment Service. The BlackBerry Attachment Service is a component of BlackBerry Enterprise Server and BlackBerry Professional Software that is used to process email attachments. The vulnerabilities affect the BlackBerry Enterprise Server, not the BlackBerry handset. Successful exploitation may result in an attacker gaining complete control of the BlackBerry Enterprise Server. Depending on the privileges associated with the service, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploit attempts may result in a denial-of-service condition.

SYSTEMS AFFECTED:

  • BlackBerry Enterprise Server software version 4.1 Service Pack 3 (4.1.3) through 5.0
  • BlackBerry Professional Software 4.1 Service Pack 4 (4.1.4)

RISK:

Government:

  • Large and medium government entities: High
  • Small government entities: High

Businesses:

  • Large and medium business entities: High
  • Small business entities: High

Home users: N/A

DESCRIPTION:
Multiple vulnerabilities have been discovered in the BlackBerry Attachment Service. The vulnerabilities occur when the Attachment Service's PDF distiller attempts to process a specially crafted PDF file. The PDF distiller is a component of the Attachment Service that processes PDF files and converts them to a format that is easily rendered on a BlackBerry handset. Successful exploitation may result in an attacker gaining complete control of the affected system. Depending on the privileges associated with the service, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploit attempts may result in a denial-of-service condition. There are no known exploits for these vulnerabilities at this time.

RECOMMENDATIONS:
We recommend the following actions be taken:

  • Apply appropriate patches provided by Research in Motion to vulnerable systems immediately after appropriate testing.
  • Until patches can be applied, consider applying the workarounds provided by Research in Motion.
  • Do not open email attachments from unknown or untrusted sources.
  • Consider blocking PDF attachments at your email gateway.
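As an added defender-side illustration of the last recommendation (this is example code, not part of the MS-ISAC advisory or any RIM tooling), the Python below inspects a MIME message and flags every part that carries a PDF by declared Content-Type, by filename, or by the %PDF- header in the decoded payload; the sample message and its attachment bytes are constructed inline.

```python
import email
from email import policy
from email.message import EmailMessage

PDF_MAGIC = b"%PDF-"

def find_pdf_attachments(raw_message: bytes) -> list[dict]:
    """Flag each non-multipart MIME part that looks like a PDF.
    The header check catches a PDF renamed to slip past an extension filter,
    which matters because the Attachment Service converts parts by content."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        filename = (part.get_filename() or "").lower()
        ctype = part.get_content_type()
        reasons = []
        if ctype == "application/pdf":
            reasons.append("content-type")
        if filename.endswith(".pdf"):
            reasons.append("filename")
        # The PDF spec allows the header anywhere in the first 1024 bytes and
        # lenient readers honour that, so do not require it at offset 0.
        if PDF_MAGIC in payload[:1024]:
            reasons.append("magic")
        if reasons:
            findings.append({"filename": filename, "content_type": ctype,
                             "reasons": reasons})
    return findings

def should_block(raw_message: bytes) -> bool:
    """Gateway policy: reject any message carrying a PDF-looking part."""
    return bool(find_pdf_attachments(raw_message))

def build_sample_message() -> bytes:
    """Constructed sample: a renamed PDF, a declared PDF and a text file."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("Body text of a constructed sample message.")
    msg.add_attachment(b"%PDF-1.4\n1 0 obj\n<<>>\nendobj\n", maintype="application",
                       subtype="octet-stream", filename="report.dat")
    msg.add_attachment(b"%PDF-1.4\n1 0 obj\n<<>>\nendobj\n", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"plain notes\n", maintype="text", subtype="plain",
                       filename="notes.txt")
    return msg.as_bytes()
```

A quarantine action rather than an outright reject is the usual choice where business mail legitimately carries PDFs, but the detection logic is the same.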

REFERENCES:

Research in Motion:
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB18327

Security Focus:
http://www.securityfocus.com/bid/35102

Secunia:
http://secunia.com/advisories/35254/


This cyber advisory was issued by the Multi-State Information Sharing and Analysis Center (MS-ISAC) and was intended for government entities. The information may or may not be applicable to the general public and accordingly, the MS-ISAC does not warrant its use for any specific purposes.