RIM warns of BlackBerry code execution security flaws

Vulnerabilities exist in how the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent process PNG and TIFF images for rendering on the BlackBerry smartphone.

Research in Motion (RIM) has issued an advisory to warn of the risk of remote code execution attacks on the BlackBerry Enterprise Server.

The company shipped a patch that covers a total of five documented vulnerabilities that could be exploited via PNG or TIFF images.

From the RIM advisory:

follow Ryan Naraine on twitter

Vulnerabilities exist in how the BlackBerry MDS Connection Service and the BlackBerry Messaging Agent process PNG and TIFF images for rendering on the BlackBerry smartphone. Successful exploitation of any of these vulnerabilities might allow an attacker to gain access to and execute code on the BlackBerry Enterprise Server. Depending on the privileges available to the configured BlackBerry Enterprise Server service account, the attacker might also be able to extend access to other non-segmented parts of the network.

To exploit these vulnerabilities in how the BlackBerry MDS Connection Service processes PNG and TIFF images, an attacker would need to create a specially crafted web page and then persuade the BlackBerry smartphone user to click a link to that web page. The attacker could provide the link to the user in an email or instant message.

To exploit these vulnerabilities in how the BlackBerry Messaging Agent processes PNG and TIFF images, an attacker would need to embed specially crafted PNG and TIFF images in an email message and send the message to the BlackBerry smartphone user. The user does not need to click a link or an image, or view the email message, for the attack to succeed in this scenario.

Affected software includes:

  • BlackBerry® Enterprise Server version 5.0.1 through 5.0.3 MR2 for Microsoft Exchange
  • BlackBerry® Enterprise Server version 5.0.1 through 5.0.3 MR2 for IBM Lotus Domino
  • BlackBerry® Enterprise Server version 4.1.7 and version 5.0.1 through 5.0.1 MR3 for Novell GroupWise
  • BlackBerry® Enterprise Server Express version 5.0.1 through 5.0.3 for Microsoft Exchange
  • BlackBerry® Enterprise Server Express version 5.0.2 and 5.0.3 for IBM Lotus Domino

RIM said the BlackBerry smartphones and the BlackBerry Device Software are not affected by these vulnerabilities.