RIM releases security update for BlackBerry Enterprise Server

A vulnerability could have allowed hackers to access BES infrastructure and cause DoS attacks


Research In Motion yesterday released an "interim security update" for BlackBerry Enterprise Server (BES) 5.0 Service Pack 2 (SP2) for Microsoft Exchange and IBM Lotus Domino due to a vulnerability that could have potentially allowed a hacker or other malicious person access to organisations' BES infrastructure. That flaw could have also been used to execute Denial of Service (DoS) attacks, according to the BlackBerry-maker. And it affects not just the full version of BES, but the free BES Express, as well.

And the BES security flaw is currently ranked 7.6, or "high severity," on a Common Vulnerability Scoring System (CVSS) scale of 0 to 10, with 10 representing the most critical flaws.


From RIM: "The vulnerability could allow a malicious individual to cause buffer overflow errors, leading to a Denial of Service (DoS) condition or possibly arbitrary code execution on the computer that the BlackBerry Attachment Service runs on.

"Successful exploitation of this issue requires a malicious individual to persuade a BlackBerry smartphone user to open a specially crafted PDF file on a BlackBerry smartphone that is associated with a user account on a BlackBerry Enterprise Server. The PDF file may be attached to an email message, or the BlackBerry smartphone user may retrieve it from a web site using the Get Link menu item on the BlackBerry smartphone."

The BES 5.0.2 flaw is related to the BlackBerry Attachment Service's PDF distiller component, and it's not the first time RIM has had to issue patches and security advisories due to problems with the PDF distiller. In fact, RIM has issued at least three different PDF-distiller-related security updates since the summer of 2008.

RIM advises BES administrators to update their BES 5.0.2 software for Exchange and Lotus Domino immediately, but to do so with caution, since performing the update process incorrectly can lead to additional issues. Find specifics on the BES flaw and the associated update process at RIM's BlackBerry Technical Solution Center.

And download the BES security patch for Exchange and Lotus Domino here.
