Oct 15, 2010
Vuln: RIM issues advisory on Enterprise BlackBerry Server
With a vulnerability score rating of 7.6, this is rather serious. The vulnerability lies in the PDF distiller component of the BlackBerry attachment service on Enterprise Server. The issue is a simple buffer overflow which could allow malicious individuals to execute a Denial of Service (DoS) attack. To successfully exploit this vulnerability, a BlackBerry user needs to open a specially crafted PDF file using the Get Link menu item on their BlackBerry smartphone.
Affected Software:
BlackBerry Enterprise Server Express version 5.0.2 for Microsoft Exchange
BlackBerry Enterprise Server versions 5.0.2, 5.0.1, 5.0.0, 4.1.7 and earlier for Microsoft Exchange
BlackBerry Enterprise Server versions 5.0.2, 5.0.1, 5.0.0, 4.1.7 and earlier for IBM Lotus Domino
BlackBerry Enterprise Server versions 5.0.1, 4.1.7 and earlier for Novell GroupWise
BlackBerry® Professional Software version 4.1.4 and earlier for Microsoft Exchange and IBM Lotus Domino
Do read the advisory and patch up rather urgently.
Would this affect my ISP? We don’t run our own BB server; it’s hosted.
Yes, they will be affected too if they are running one of the affected software versions. I would contact them ASAP to make sure they are aware of the advisory and have patched the vulnerability.