Home > Mobile Computing News > Fixes in for BlackBerry vulnerability
Mobile Computing News:
EMAIL THIS LICENSING & REPRINTS

Fixes in for BlackBerry vulnerability

By Bill Brenner, Senior News Writer
18 Jan 2006 | SearchSecurity.com

News on networking, mobility and voice
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

For the second time in as many weeks, Research In Motion Ltd. (RIM) is acknowledging that its BlackBerry Enterprise Server is vulnerable to attack.

This time, the problem is that attackers could use a corrupt Portable Network Graphics (PNG) file to block a user's ability to view attachments. It could also be exploited to launch malicious code on the BlackBerry Attachment Service component of the server, an add-on that enables BlackBerry users to open and view e-mail attachments on their devices.

The vulnerability has been reported in version 4.0 Service Pack 2.

More on BlackBerry security

Flaws found in BlackBerry server

BBC suspends BlackBerry service amid security scare

Is wireless security pointless?
For those using Microsoft Exchange, the Waterloo, Ontario-based vendor recommended installing BlackBerry Enterprise Server 4.0 Service Pack 3, then installing version 4.0 Service Pack 3, Hotfix 1. IBM Lotus Domino and Novell GroupWise users should install BlackBerry Enterprise Server 4.0 Service Pack 3, the company said.

As a workaround, administrators "can exclude PNG images from being processed by the attachment service in the BlackBerry Enterprise Server, or disable the attachment service completely," the vendor said.

Last week, RIM acknowledged that attackers could exploit flaws in BlackBerry Enterprise Server to cause a denial of service. Danish vulnerability clearinghouse Secunia issued its own advisory describing two problems:

  • An error in how malformed TIFF image attachments are handled can be exploited to prevent a BlackBerry user from viewing attachments.
  • An error in how Server Routing Protocol (SRP) packets are handled can be exploited to disrupt the communication between the BlackBerry Enterprise Server and BlackBerry Router service, potentially causing a denial of service.

Secunia noted that for successful exploitation, the attacker must connect to the BlackBerry Server/Router via TCP port 3101.

As a workaround, RIM recommended ensuring TIFF images aren't processed by the attachment service and/or disabling the image attachment distiller. The vendor added that the BlackBerry Enterprise Server and the BlackBerry Router should be placed behind the firewall in a trusted network segment.

Tags: Mobile Device SecurityBluetoothVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


HomeNewsTopicsITKnowledge ExchangeTipsMultimediaWhite PapersProducts
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts