AV06-001: Update to Denial of Service vulnerabilities related to the Research in Motion BlackBerry

Update to AV06-001
Date: 11 January 2006

PURPOSE
In addition to the 3 vulnerabilities originally posted below, the Research in Motion (RIM) BlackBerry Attachment Service contains a vulnerability in the way the service handles PNG files. By causing the service to render a specially crafted PNG file and convincing a user to view the file on a BlackBerry Handheld device, an attacker could execute arbitrary code or cause a denial of service to the Attachment Service.

ASSESSMENT
The BlackBerry Attachment Service is a component of the BlackBerry Enterprise Server (BES). The BlackBerry Attachment Service renders certain types of files sent as email attachments for display on BlackBerry Handhelds and other BlackBerry client devices. A vulnerability in the way the service renders Portable Network Graphic (PNG) format image files could allow an attacker supplying a specially crafted PNG file to execute arbitrary code or cause the service to stop functioning. A user must view the attacker-supplied attachment on a BlackBerry Handheld in order to trigger the vulnerability.

SUGGESTED ACTION
CCIRC recommends that administrators review the RIM Technical Knowledge Center article KB-04756 which states:

"For Microsoft Exchange
Install BlackBerry Enterprise Server 4.0 Service Pack 3, then install version 4.0 Service Pack 3, Hotfix 1.

For IBM Lotus Domino and Novell GroupWise
Install BlackBerry Enterprise Server 4.0 Service Pack 3.

To obtain the BlackBerry Enterprise Server software, go to www.blackberry.com/Downloads.

Workaround
An administrator can exclude PNG images from being processed by the Attachment Service in the BlackBerry Enterprise Server, or disable the Attachment Service completely.

To exclude PNG images from being processed by the Attachment Service
1. On the desktop, click Start > Programs > BlackBerry Enterprise Server > BlackBerry Enterprise Server Configuration.
2. Click the Attachment Server tab.
3. In the Format Extensions field, delete the PNG extension.
   Note: Format Extensions is an editable field that lists all the extensions that the Attachment Service will open. A colon is used as a delimiter.
4. Click Apply, then click OK."

For more information please refer to:
http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/728075/728850/728215/?nodeid=1167794
http://www.kb.cert.org/vuls/id/646976

Number: AV06-001
Date: 05 January 2006

Denial of Service vulnerabilities related to the Research in Motion BlackBerry

PURPOSE
The purpose of this advisory is to bring attention to 3 denial of service vulnerabilities related to the Research in Motion BlackBerry.

ASSESSMENT
The Research in Motion (RIM) BlackBerry Enterprise Server Attachment Service contains a vulnerability in the way the service handles TIFF files. By causing the service to render a specially crafted TIFF file and convincing a user to view the file on a BlackBerry Handheld device, an attacker could cause a denial of service to the Attachment Service.

The Research in Motion (RIM) BlackBerry Handheld web browser is vulnerable to a denial of service via a specially crafted Java Application Description (JAD) file.

The Research in Motion (RIM) BlackBerry Router contains a vulnerability in the way the router handles Server Routing Protocol (SRP) packets. By sending specially crafted SRP packets to the router, an attacker could cause a denial of service.

SUGGESTED ACTION

TIFF Image File Vulnerability
Although there is no patch from RIM at this time, RIM Technical Knowledge Center article KB-04757 suggests that "an administrator can selectively exclude TIFF images from being processed by the Attachment Service in the BlackBerry Enterprise Server, or disable the Attachment Service completely."
For more information, please refer to:
http://www.kb.cert.org/vuls/id/570768
http://events.ccc.de/congress/2005/fahrplan/events/596.en.html
http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/728075/728850/728215/?nodeid=1167895
http://www.blackberry.com/knowledgecenterpublic/livelink.exe/?func=doc.Fetch&nodeId=739746
http://www.blackberry.com/knowledgecenterpublic/livelink.exe/?func=doc.Fetch&nodeId=780409

JAVA Application Descriptions (JAD) Files Vulnerability
RIM Technical Knowledge Center article KB-04755 recommends "Install BlackBerry Device Software 4.0.2 or later."

For more information, please refer to:
http://www.kb.cert.org/vuls/id/829400
http://events.ccc.de/congress/2005/fahrplan/events/596.en.html
http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/7925/8142/?nodeid=1167791
http://www.blackberry.com/knowledgecenterpublic/livelink.exe/?func=doc.Fetch&nodeId=739746

Server Routing Protocol (SRP) Vulnerability
Although there is no patch from RIM at this time, RIM Technical Knowledge Center article KB-04758 suggests that BlackBerry Routers and BES servers be deployed according to best practices, including restricting access to BlackBerry components using firewalls. Static DNS entries for BlackBerry Infrastructure hosts may help mitigate the risks of an attacker subverting DNS to impersonate the BlackBerry Infrastructure.
For more information, please refer to:
http://www.kb.cert.org/vuls/id/392920
http://events.ccc.de/congress/2005/fahrplan/events/596.en.html
http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/728075/728850/728215/?nodeid=1167898
http://www.blackberry.com/knowledgecenterpublic/livelink.exe/?func=doc.Fetch&nodeId=739746
http://www.blackberry.com/knowledgecenterpublic/livelink.exe/?func=doc.Fetch&nodeId=817014

Note to Readers
Public Safety and Emergency Preparedness Canada (PSEPC) collects information related to cyber and physical threats to, and incidents involving, Canadian critical infrastructure. This allows us to monitor and analyze threats and to issue alerts, advisories and other information products. To report threats or incidents, please contact the Government Operations Centre (GOC) at (613) 991-7000 or goc-cog@psepc-sppcc.gc.ca by e-mail.

Unauthorized use of computer systems and mischief in relation to data are serious Criminal Code offences in Canada. Any suspected criminal activity should be reported to local law enforcement organizations. The Royal Canadian Mounted Police (RCMP) National Operations Centre (N.O.C.) provides a 24/7 service to receive such reports or to redirect callers to local law enforcement organizations. The N.O.C. can be reached at (613) 993-4460. National security concerns should be reported to the Canadian Security Intelligence Service (CSIS) at (613) 993-9620.

For urgent matters or to report any incidents, please contact the Government Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: goc-cog@psepc-sppcc.gc.ca

For general information on critical infrastructure protection and emergency preparedness, please contact PSEPC's Public Affairs division at:
Telephone: (613) 944-4875 or 1-800-830-3118
Fax: (613) 998-9589
E-mail: communications@psepc-sppcc.gc.ca
Web: www.psepc.gc.ca