| VID |
28134 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The BlackBerry Enterprise Server, according to its version number, has multiple buffer overflow vulnerabilities. The BlackBerry Attachment Service is a component of the Research in Motion (RIM) BlackBerry Enterprise Server. The BlackBerry Attachment Service renders certain types of files sent as email attachments for display on BlackBerry Handhelds and other BlackBerry client devices. RIM BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchange, and 4.0 for Novell GroupWise before SP3 Hotfix 1 are vulnerable to multiple buffer overflow vulnerabilities in BlackBerry Attachment Service. By supplying a specially-crafted TIFF image or Word document as an email attachment and convincing a user to view the image or document on a BlackBerry Handheld, a remote, unauthenticated attacker could execute arbitrary code on the system or cause the BlackBerry Attachment Service to crash.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/728075/728850/728215/?nodeid=1167895
http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/8149/8052/Support_-_Corrupt_Word_file_may_cause_buffer_overflow_in_the_BlackBerry_Attachment_Service.html?nodeid=1181753&vernum=2
http://archives.neohapsis.com/archives/bugtraq/2006-02/0160.html
http://blogs.washingtonpost.com/securityfix/2006/01/security_hole_e.html
http://www.kb.cert.org/vuls/id/570768
http://www.securitytracker.com/alerts/2005/Dec/1015426.html
* Platforms Affected:
BlackBerry Enterprise Server (IBM Lotus Domino) 2.2 and 4.0 before SP3 Hotfix 4
BlackBerry Enterprise Server (Microsoft Exchange) 3.6 before SP7 and 5.0 before SP3 Hotfix 3
BlackBerry Enterprise Server (Novell GroupWise) 4.0 before SP3 Hotfix 1
Microsoft Windows Any version |
| Recommendation |
Install the appropriate service pack / hotfix or follow the workarounds, as listed in the BlackBerry Support Knowledge Base Article KB-04791 at http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/8149/8052/Support_-_Corrupt_Word_file_may_cause_buffer_overflow_in_the_BlackBerry_Attachment_Service.html?nodeid=1181753&vernum=2 |
| Related URL |
CVE-2005-2341,CVE-2006-0761 (CVE) |
| Related URL |
16098,16590 (SecurityFocus) |
| Related URL |
23940,24629 (ISS) |
|
