Fixes in for BlackBerry vulnerability

By Bill Brenner, Senior News Writer 11 Jan 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

For the second time in as many weeks, Research In Motion Ltd. (RIM) is acknowledging that its BlackBerry Enterprise Server is vulnerable to attack.

This time, the problem is that attackers could use a corrupt Portable Network Graphics (PNG) file to block a user's ability to view attachments. It could also be exploited to launch malicious code on the BlackBerry Attachment Service component of the server, an add-on that enables BlackBerry users to open and view e-mail attachments on their devices.

The vulnerability has been reported in version 4.0 Service Pack 2.

More on BlackBerry security Flaws found in BlackBerry server BBC suspends BlackBerry service amid security scare Is wireless security pointless?

For those using Microsoft Exchange, the Waterloo, Ontario-based vendor recommended installing BlackBerry Enterprise Server 4.0 Service Pack 3, then installing version 4.0 Service Pack 3, Hotfix 1. IBM Lotus Domino and Novell GroupWise users should install BlackBerry Enterprise Server 4.0 Service Pack 3, the company said.

As a workaround, administrators "can exclude PNG images from being processed by the attachment service in the BlackBerry Enterprise Server, or disable the attachment service completely," the vendor said.

Last week, RIM acknowledged that attackers could exploit flaws in BlackBerry Enterprise Server to cause a denial of service. Danish vulnerability clearinghouse Secunia issued its own advisory describing two problems:

• An error in how malformed TIFF image attachments are handled can be exploited to prevent a BlackBerry user from viewing attachments.
• An error in how Server Routing Protocol (SRP) packets are handled can be exploited to disrupt the communication between the BlackBerry Enterprise Server and BlackBerry Router service, potentially causing a denial of service.

Secunia noted that for successful exploitation, the attacker must connect to the BlackBerry Server/Router via TCP port 3101.

As a workaround, RIM recommended ensuring TIFF images aren't processed by the attachment service and/or disabling the image attachment distiller. The vendor added that the BlackBerry Enterprise Server and the BlackBerry Router should be placed behind the firewall in a trusted network segment.

Tags: Handheld and Mobile Device Security Best Practices,  Wireless Network Protocols and Standards,  Malware, Viruses, Trojans and Spyware,  Smartphone and PDA Viruses and Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Handheld and Mobile Device Security Best Practices How to prevent mobile phone spying Unified communications: Securing a converged infrastructure RIM patches serious BlackBerry Attachment Service flaws How secure are iPhone App Store mobile applications? Is there a spy on my mobile device? Mobile phones win during Pwn2Own contest Latest Apple iPhone features prompt security concerns Apple iPhone app could boost two-factor What Obama's Blackberry means for mobile device security SMS mobile worm attacks Symbian smartphones Handheld and Mobile Device Security Best Practices Research Wireless Network Protocols and Standards Wireless Security Lunchtime Learning An introduction to wireless security A wireless network vulnerability assessment checklist Lesson 1: How to counter wireless threats and vulnerabilities Lesson 1 quiz: Risky business Wireless Security Lunchtime Learning Entrance Exam Risky Business: Understanding WiFi threats Study reveals lack of financial wireless computer security Preparing enterprise Wi-Fi networks for PCI compliance Cracks in WPA? How to continue protecting Wi-Fi networks Malware, Viruses, Trojans and Spyware ISP shutdown latest cat-and-mouse game with hackers How to get rid of malware, botnets on a hospital IT network How can search results lead to malware? How to prevent mobile phone spying Should a national cybersecurity strategy include offensive botnets? How to defend against rogue DHCP server malware New Trojan stealing FTP credentials, attacking FTP websites Cybercriminals exploit Michael Jackson, Farrah Fawcett deaths When BIOS updates become malware attacks Antispyware buying guide for Indian enterprises

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) directory traversal  (SearchSecurity.com) government Trojan  (SearchSecurity.com) Kraken  (SearchSecurity.com) man in the browser  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) RavMonE virus  (SearchSecurity.com) RFID virus  (SearchSecurity.com) Rock Phish  (SearchSecurity.com) Zotob  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary