BlackBerry Enterprise Server vulnerable to dangerous TIFFs
BlackBerry has published details of critical vulnerabilities in components of its BlackBerry Enterprise Server (BES). The holes allow attackers to execute arbitrary code on systems running BlackBerry Enterprise Server.
The flaws affect the BlackBerry MDS Connection Service and BlackBerry Messaging Agent when they process TIFF images for rendering on BlackBerry smartphones. The MDS Connection Service flaw requires an attacker to create a web page and persuade a BlackBerry smartphone user to view that page and click on a link. With the Messaging Agent flaw, an attacker can embed a specially crafted image in an email to a user of the enterprise server; the user does not need to click on anything or even attempt to view the message for the exploit to take place. The underlying bugs, CVE-2012-2088 and CVE-2012-4447, exist in the libtiff library and are fixed in BES 5.0.4 MR2.
BES Express versions 5.0.2 to 5.0.4, BES for Microsoft Exchange and Lotus Domino 5.0.2 to 5.0.4, and BES for Novell GroupWise 5.0.1 to 5.0.4 are all affected, as are earlier versions that are no longer supported by BlackBerry. Interim security updates are available for patching, or administrators can upgrade to version 5.0.4 MR2, which includes fixes for this and other issues. BlackBerry also offers some workarounds, which involve removing the vulnerable image.dll handler and blocking inline image handling.