Critical vulnerability in BlackBerry Enterprise Server [Update]
Crafted Portable Document Format files can allow an attacker to gain control of a BlackBerry server. According to a security advisory from BlackBerry vendor RIM, the bug is in the PDF Distiller component of the Attachment Service, which runs on the server and prepares PDF email attachments for display on a BlackBerry handheld. The bug is only triggered when a user opens the PDF on his or her BlackBerry handheld.
BlackBerry does not give any further information on the nature of the bug, but it can be used to inject and execute code on the server. BlackBerry Enterprise Server 4.1 Service Pack 3 (4.1.3) to 4.1 Service Pack 5 (4.1.5) and BlackBerry Unite! prior to 1.0 Service Pack 1 (1.0.1) Bundle 36 are affected. Whilst the problem has been fixed in BlackBerry Unite from bundle 36, according to the vendor no patch or update is as yet available for Enterprise Server.
As a workaround, RIM recommends disabling PDF processing in the Attachment Service. Precise instructions are given in the security advisory linked below. As RIM gives the security vulnerability a Common Vulnerability Scoring System (CVSS) score of 9.0 out of a maximum of 10, administrators are advised to take rapid action.
A similar vulnerability was recently found in libpoppler, the open source PDF rendering library.
Update: RIM has now published an update, BlackBerry Enterprise Server software version 4.1 Service Pack 6 (4.1.6). According to reports from companies using the system, no problems attributable to this vulnerability have so far been encountered.
- Vulnerability in the PDF distiller of the BlackBerry Attachment Service for BlackBerry Unite, security advisory from RIM
- Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server, security advisory from RIM