BlackBerry Forums Support Community
              

Closed Thread
Old 01-03-2006, 03:34 PM   #1
jibi
BlackBerry God
 
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310
BES 4.0 Vulnerabilities from Dec 30 - TIFF, PNG image files and DoS attack

More info and a rather jumbled news article can be found in the news section:
http://www.blackberryforums.com/show...061#post152061

US-CERT Advisory for TIFF (there is not one published that I can find for PNG):
http://www.kb.cert.org/vuls/id/570768

US-CERT Advisory for DoS:
http://www.kb.cert.org/vuls/id/392920

RIM KB Article for TIFF:
http://www.blackberry.com/knowledgec...nodeid=1167895

RIM KB Article for PNG:
http://www.blackberry.com/knowledgec...nodeid=1167794

RIM KB Article for DoS:
http://www.blackberry.com/knowledgec...nodeid=1167898
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.
Offline  
Old 01-03-2006, 11:13 PM   #2
rsun
CrackBerry Addict
 
Join Date: Oct 2004
Location: Delaware, USA
Model: 8320
Carrier: at&t/T-Mobile/Verizon
Posts: 747

Anyone ever hear if RIM is going to release a hotfix for this?
__________________
Richard Sun
[email address]
Offline  
Old 01-04-2006, 01:44 PM   #3
Joseph4200
Knows Where the Search Button Is
 
Join Date: Sep 2005
Location: GA
Model: 8703e
Carrier: Verizon
Posts: 37

I read about this yesterday.

Even though RIM has stated that it only affects the BlackBerry's ability to open attachments, Brian Krebs from the Washington Post did some investigating. The following is quoted from his blog.

Lindner found that by convincing a Blackberry user to click on a special image attachment, that handheld device could be made to pass on malicious code to the Blackberry server, which could then be taken over and used to intercept e-mails or as a staging point for other attacks within the network.

http://blogs.washingtonpost.com/secu...ty_hole_e.html
__________________
Gamertag = Dozer
IGN Boards = Joseph4200
Offline  
Old 01-04-2006, 05:05 PM   #4
markerman
Thumbs Must Hurt
 
Join Date: Oct 2005
Location: Sacramento
Model: 7250
Carrier: verizon
Posts: 54
Filter TIFF attachments.

I have been looking for the attachment filter in the BES management console. Is there such a configuration or are they referring to filtering at the email server level? Thanks in advance.
__________________
James
Offline  
Old 01-04-2006, 05:17 PM   #5
markerman
Thumbs Must Hurt
 
Join Date: Oct 2005
Location: Sacramento
Model: 7250
Carrier: verizon
Posts: 54
I found it, Thanks.

Read the RIM article linked in jibi's post.
__________________
James
Offline  
Old 01-04-2006, 05:31 PM   #6
markerman
Thumbs Must Hurt
 
Join Date: Oct 2005
Location: Sacramento
Model: 7250
Carrier: verizon
Posts: 54
Do you believe it?

Quote:
Originally Posted by Joseph4200
I read about this yesterday.

Even though RIM has stated that it only affects the BlackBerry's ability to open attachments, Brian Krebs from the Washington Post did some investigating. The following is quoted from his blog.

Lindner found that by convincing a Blackberry user to click on a special image attachment, that handheld device could be made to pass on malicious code to the Blackberry server, which could then be taken over and used to intercept e-mails or as a staging point for other attacks within the network.

http://blogs.washingtonpost.com/secu...ty_hole_e.html
I thought the communication path is one way, from the server to the handheld? Is it possible for the handheld to pass on code to the server?
__________________
James
Offline  
Old 01-04-2006, 08:25 PM   #7
jibi
BlackBerry God
 
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310

Quote:
Originally Posted by markerman
I thought the communication path is one way, from the server to the handheld? Is it possible for the handheld to pass on code to the server?
The server processes attachments (hence the attachment server piece) and formats it to send to the handheld. It's not the handheld that opens the attachment where the issue is found - it's when it's opened from your inbound email by the BES and processed by the attachment server.
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.
Offline  
Old 01-04-2006, 08:27 PM   #8
jibi
BlackBerry God
 
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310

Quote:
Originally Posted by markerman
I have been looking for the attachment filter in the BES management console. Is there such a configuration or are they referring to filtering at the email server level? Thanks in advance.
Start > Programs > BlackBerry Enterprise Server > BlackBerry Server Configuration
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.
Offline  
Old 01-04-2006, 08:34 PM   #9
jibi
BlackBerry God
 
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310

Quote:
Originally Posted by Joseph4200
I read about this yesterday.

Even though RIM has stated that it only affects the BlackBerry's ability to open attachments, Brian Krebs from the Washington Post did some investigating. The following is quoted from his blog.

Lindner found that by convincing a Blackberry user to click on a special image attachment, that handheld device could be made to pass on malicious code to the Blackberry server, which could then be taken over and used to intercept e-mails or as a staging point for other attacks within the network.

http://blogs.washingtonpost.com/secu...ty_hole_e.html
The guy is an uninformed moron of a reporter who cannot seem to grasp the concept that there is more than one vulnerability. In the original blog, he talked about the TIFF vulnerability. In the update, after speaking to FX, he wrote of the PNG vulnerability and stated it was fixed already, although this was seemingly applied to the previously mentioned TIFF vulnerability. The blog/article should have read that there was an exploit for both TIFF and PNG files, the latter being fixed as of SP3 and the former still being an issue. If he could read correctly, he'd notice that RIM has published these findings in B&W, so contacting them for anything more than an ETA on a fix was useless.
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.
Offline  
Old 01-04-2006, 10:41 PM   #10
markerman
Thumbs Must Hurt
 
Join Date: Oct 2005
Location: Sacramento
Model: 7250
Carrier: verizon
Posts: 54
Thanks jibi.

Quote:
Originally Posted by jibi
The server processes attachments (hence the attachment server piece) and formats it to send to the handheld. It's not the handheld that opens the attachment where the issue is found - it's when it's opened from your inbound email by the BES and processed by the attachment server.

But can the exploit happen as explained in Joseph4200's post?

Quote:
Originally Posted by Joseph4200
Lindner found that by convincing a Blackberry user to click on a special image attachment, that handheld device could be made to pass on malicious code to the Blackberry server, which could then be taken over and used to intercept e-mails or as a staging point for other attacks within the network.
__________________
James
Offline  
Old 01-04-2006, 11:52 PM   #11
jibi
BlackBerry God
 
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310

Yes.
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.
Offline  
Old 01-05-2006, 12:15 AM   #12
markerman
Thumbs Must Hurt
 
Join Date: Oct 2005
Location: Sacramento
Model: 7250
Carrier: verizon
Posts: 54
TIFF & PNG Filtered

Cool, I've removed those two file extensions from the attachment service.
__________________
James
Offline  
Old 01-06-2006, 12:56 AM   #13
T-Roy
CrackBerry Addict
 
Join Date: Jan 2005
Model: 8800
Carrier: Darth Vader
Posts: 704

A lot of media have reported information incorrectly, and there seems to be a lot of FUD.

These are 2 separate issues.

PNG - Could potentially allow remote code execution. A fix has been available for months in BES SP3 HotFix 1.

The exploit in Joseph4200's post is not possible even if your BES software is not up to date. Your attachment service runs as a local system account and does not have access to the SQL database, or other Network Resources.

TIFF - Can cause the attachment service to crash. No fix available. Attachment service runs 5 processes and automatically restarts. Potentially create DoS if users consistently try to open an affected TIFF.

A lot of what I have read says there is no fix available (from the tiff kb) and could allow arbitrary code execution (from the png kb) which is completely untrue.
Offline  
Old 01-06-2006, 12:23 PM   #14
elvis2k5
New Member
 
Join Date: Jun 2005
Model: 7230
Posts: 6

Wouldn't most corporate Virus Scanners block a malformed file anyway?
Offline  
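
Added example, not part of any post in this thread and not RIM's code: a mail-gateway-side check of the kind markerman asks about in post #4, which flags TIFF and PNG attachments by extension, declared content type and file signature before they reach an attachment-processing service. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# File signatures: PNG has a fixed 8-byte magic; TIFF starts with a byte-order mark plus 42.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
TIFF_MAGICS = (b"II*\x00", b"MM\x00*")
BLOCKED_EXTS = (".tif", ".tiff", ".png")
BLOCKED_TYPES = {"image/tiff", "image/png"}

def sniff(data: bytes):
    """Return 'png' or 'tiff' when the content starts with that signature, else None."""
    if data.startswith(PNG_MAGIC):
        return "png"
    if data.startswith(TIFF_MAGICS):
        return "tiff"
    return None

def flag_attachments(raw: bytes):
    """Return (filename, reasons) for every MIME part that looks like TIFF or PNG."""
    msg = message_from_bytes(raw, policy=policy.default)
    flagged = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        reasons = []
        if name.endswith(BLOCKED_EXTS):
            reasons.append("extension")
        if part.get_content_type() in BLOCKED_TYPES:
            reasons.append("content-type")
        kind = sniff(data)
        if kind:
            reasons.append("signature:" + kind)
        if reasons:
            flagged.append((name, reasons))
    return flagged

def build_sample() -> bytes:
    """Constructed message: a PNG named as such, TIFF bytes named .dat, and a text file."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    msg.add_attachment(PNG_MAGIC + b"\x00" * 8, maintype="image",
                       subtype="png", filename="logo.png")
    msg.add_attachment(b"II*\x00" + b"\x00" * 8, maintype="application",
                       subtype="octet-stream", filename="scan.dat")
    msg.add_attachment("hello", filename="notes.txt")
    return msg.as_bytes()
```

On the constructed sample, `flag_attachments(build_sample())` flags `logo.png` on all three checks and `scan.dat` on its signature alone.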
Copyright 2004-2016 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.