MS-ISAC ADVISORY NUMBER:
2009-080

DATE(S) ISSUED:
12/2/2009

SUBJECT:
Multiple Vulnerabilities in BlackBerry Attachment Service

OVERVIEW:

Multiple vulnerabilities have been discovered in the BlackBerry Attachment Service. The BlackBerry Attachment Service is a component of BlackBerry Enterprise Server and BlackBerry Professional Software that is used to process email attachments. These vulnerabilities affect the Blackberry Enterprise Server; not the Blackberry handset. Successful exploitation may result in an attacker gaining complete control of the Blackberry Enterprise Server. Depending on the privileges associated with the service, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploit attempts may result in a denial-of-service condition.

SYSTEMS AFFECTED:

  • BlackBerry Enterprise Server software version 4.1.3 through 5.0
  • BlackBerry Professional Software 4.1 Service Pack 4 (4.1.4)

RISK:

Government:
Large and medium government entities: High
Small government entities: High

Businesses:
Large and medium business entities: High
Small business entities: High

Home users: N/A

DESCRIPTION:
Multiple vulnerabilities have been discovered in the BlackBerry Attachment Service. The vulnerabilities occur when the Attachment Service's PDF distiller attempts to process a specially crafted PDF file. The PDF distiller is a component of the Attachment Service that processes PDF files and converts them to a format that is easily rendered on a BlackBerry handset. Successful exploitation may result in an attacker gaining complete control of the affected system. Depending on the privileges associated with the service, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploit attempts may result in a denial-of-service condition. There are no known exploits for these vulnerabilities at this time.

Please note that systems running BlackBerry Enterprise Server software 5.0.0 on Microsoft Windows 2003 and 2008 include defensive tools by default that mitigate these vulnerabilities. For more information, please see the following Microsoft article for more details: http://technet.microsoft.com/en-us/library/cc725998(WS.10).aspx(New Window)

RECOMMENDATIONS:
We recommend the following actions be taken:

  • Apply appropriate patches provided by Research in Motion to vulnerable systems immediately after appropriate testing.
  • Until patches can be applied, consider applying the workarounds provided by Research in Motion.
  • Do not open email attachments from unknown or un-trusted sources.
  • Consider disabling the PDF attachment distiller until patches can be applied.

REFERENCES:

Research in Motion:
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB19860(New Window)

Security Focus:
http://www.securityfocus.com/bid/37167(New Window)

Secunia:
http://secunia.com/advisories/37562(New Window)

Vupen:
http://www.vupen.com/english/advisories/2009/3372(New Window)


This cyber advisory was issued by the Multi-State Information Sharing and Analysis Center (MS-ISAC) and was intended for government entities. The information may or may not be applicable to the general public and accordingly, the MS-ISAC does not warrant its use for any specific purposes.