RIM analysis of buffer overrun in decompression algorithm

Article ID: KB04075

Type:   Security Advisory

First Published: 06-07-05

Last Modified: 09-02-2010


Product(s) Affected:

  • BlackBerry Enterprise Server for Novell GroupWise
  • BlackBerry Enterprise Server for Microsoft Exchange
  • BlackBerry Enterprise Server for IBM Domino
Affected Software
  • BlackBerry® Enterprise Server version 4.0 Service Pack 1 and earlier
Issue Severity

Not assigned.

Overview

A report issued by Imad Lahoud of the EADS Corporate Research Center IT Security Lab in France identified an issue in the BlackBerry Enterprise Server that is known to Research In Motion (RIM) and has been corrected.

Issue Status: Vulnerability confirmed. Software containing security update released.

Recommendation
Complete the resolution actions documented in this advisory.
Problem

A buffer overrun condition exists in the way that BlackBerry Enterprise Server software version 4.0 Service Pack 1 and earlier handles certain data packets. This vulnerability could allow remote code execution. RIM has determined that exploiting this vulnerability would be difficult.
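The defect class the advisory describes, shown as an added illustration that is not RIM's code and does not reproduce the BlackBerry packet format: the run-length-encoded packet layout, the function names and the sample packets below are all constructed for this example. The unchecked decoder trusts a length taken from the packet and writes past its output buffer when that length exceeds the remaining capacity; the hardened decoder checks the capacity before every write and rejects such a packet.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed packet format for this illustration (not the BlackBerry
 * Enterprise Server protocol): a run-length-encoded payload made of
 * (run_length, byte_value) pairs, expanded into a caller-supplied buffer. */

/* Defect class named in the advisory, kept only for contrast: the run length
 * comes from the packet and is trusted, so a run longer than the space left
 * in `out` writes past its end. Never use this on untrusted input. */
size_t rle_decode_unchecked(const uint8_t *in, size_t in_len, uint8_t *out)
{
    size_t written = 0;
    for (size_t i = 0; i + 1 < in_len; i += 2) {
        memset(out + written, in[i + 1], in[i]);  /* no capacity check */
        written += in[i];
    }
    return written;
}

/* Hardened form: the remaining capacity is checked before every write, and a
 * packet that would overrun (or is malformed) is rejected with -1 before the
 * offending write happens. */
long rle_decode_checked(const uint8_t *in, size_t in_len,
                        uint8_t *out, size_t out_cap)
{
    size_t written = 0;
    if (in_len % 2 != 0)
        return -1;                         /* dangling length byte */
    for (size_t i = 0; i < in_len; i += 2) {
        uint8_t run = in[i];
        if (run > out_cap - written)       /* written <= out_cap, no underflow */
            return -1;                     /* would overrun: reject */
        memset(out + written, in[i + 1], run);
        written += run;
    }
    return (long)written;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t good_packet[] = { 3, 'a', 2, 'b' };  /* expands to "aaabb" */
static const uint8_t oversized_packet[] = { 200, 'x' };   /* 200 bytes into 16 */
static const uint8_t odd_packet[] = { 1 };                /* length byte, no value */

#define OUT_CAP 16

/* Wrappers that decode each sample into a 16-byte buffer and return the
 * checked decoder's verdict: the decoded length, or -1 if rejected. */
long decode_good(void)
{
    uint8_t out[OUT_CAP];
    long n = rle_decode_checked(good_packet, sizeof good_packet, out, OUT_CAP);
    /* -2 would signal a wrong expansion; the correct result is 5 */
    return (n == 5 && memcmp(out, "aaabb", 5) == 0) ? n : -2;
}

long decode_oversized(void)
{
    uint8_t out[OUT_CAP];
    return rle_decode_checked(oversized_packet, sizeof oversized_packet, out, OUT_CAP);
}

long decode_odd(void)
{
    uint8_t out[OUT_CAP];
    return rle_decode_checked(odd_packet, sizeof odd_packet, out, OUT_CAP);
}

int main(void)
{
    printf("good packet       -> %ld\n", decode_good());       /* 5 */
    printf("oversized packet  -> %ld\n", decode_oversized());  /* -1 */
    printf("odd-length packet -> %ld\n", decode_odd());        /* -1 */
    return 0;
}
```

The point of the checked form is that the length field is treated as attacker-controlled data: the capacity comparison happens against the space actually remaining in the destination, not against the value the packet claims, so a malformed packet produces a rejected decode instead of a write outside the buffer.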

Resolution

RIM recommends that customers apply the update at the earliest opportunity for the following BlackBerry products:

IBM® Lotus® Domino®

  • BlackBerry Enterprise Server software version 4.0 Service Pack 1 - Download BlackBerry Enterprise Server software version 4.0 Service Pack 1 Hotfix 1 OR BlackBerry Enterprise Server software version 4.0 Service Pack 1 Hotfix 3
  • BlackBerry Enterprise Server software version 4.0 - Download BlackBerry Enterprise Server software version 4.0 Hotfix 3
  • BlackBerry Enterprise Server software version 2.2 Service Pack 5 - Download BlackBerry Enterprise Server software version 2.2 Service Pack 5 Hotfix 2

Microsoft® Exchange

  • BlackBerry Enterprise Server software version 4.0 Service Pack 1 - Download BlackBerry Enterprise Server software version 4.0 Service Pack 1 Hotfix 2 OR BlackBerry Enterprise Server software version 4.0 Service Pack 1 Hotfix 3
  • BlackBerry Enterprise Server software version 4.0 - Download BlackBerry Enterprise Server software version 4.0 Hotfix 3
  • BlackBerry Enterprise Server software version 3.6 Service Pack 5 - Download BlackBerry Enterprise Server software version 3.6 Service Pack 5 Hotfix 1

Novell® GroupWise®

  • BlackBerry Enterprise Server software version 4.0 - Download BlackBerry Enterprise Server software version 4.0 Service Pack 1

These downloads are available at the following link: http://www.blackberry.com/support/downloads/index.shtml

Additional Information

Visit www.blackberry.com/security for more information on BlackBerry security.

Acknowledgements
RIM would like to acknowledge Imad Lahoud of the EADS Corporate Research Center IT Security Lab in France for their involvement in helping protect our customers.
Change Log

09-02-10

Updates to article formatting. No technical content changed.

12-09-08

Update due to a system upgrade that did not affect article content.

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.