Corrupt PNG file may cause heap overflow in the BlackBerry Attachment Service

Article ID: KB04756

Type:   Security Advisory

First Published:

Last Modified: 09-02-2010


Product(s) Affected:

  • BlackBerry Enterprise Server for Novell GroupWise
  • BlackBerry Enterprise Server for Microsoft Exchange
  • BlackBerry Enterprise Server for IBM Domino

Issue Severity

  • BlackBerry® Enterprise Server software versions 4.0 (4.0.0) through 4.0 Service Pack 2 (4.0.2)
  • IBM® Lotus Domino®
  • Microsoft® Exchange
  • Novell® GroupWise®

Advisory posted: 06 January 2006

Note: The technical content of this article was last modified on 01/06/06. The Last Modified date that appears in the top right of the article indicates an update due to a system upgrade that did not affect article content.

Problem

A presentation by FX of Phenoelit identified an issue in the BlackBerry Enterprise Server that is known to Research In Motion (RIM) and has been corrected in current releases of the BlackBerry Enterprise Server. This article is in reference to US-CERT Vulnerability Note VU#646976.

A corrupt Portable Network Graphics (PNG) file sent to a BlackBerry device as an e-mail attachment can trigger a heap overflow when the BlackBerry Attachment Service parses it. At minimum this can prevent the BlackBerry Attachment Service from processing attachments for viewing (a denial of service); it could also provide a means to execute arbitrary code in the context of the BlackBerry Attachment Service component on the BlackBerry Enterprise Server host.
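The advisory does not say which part of the PNG decoder overflows, so nothing here reconstructs the real bug or RIM's fix. As an added illustration (not code from this article or from RIM), the following Python walks a PNG's chunk list and bounds every declared chunk length against the bytes actually present before slicing or copying chunk data, which is exactly the check an unsafe reader omits. The valid and corrupt sample files are constructed inline; the corrupt one rewrites an IDAT length field to 0x7FFFFFFF as one generic class of malformation.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_CHUNK_LENGTH = 2**31 - 1   # the PNG spec caps the 4-byte length field at 2^31 - 1


class PngError(ValueError):
    """The byte stream violates PNG chunk structure."""


def parse_png_chunks(data: bytes) -> list:
    """Walk the chunk list, validating each declared length against the bytes
    actually present before touching chunk data. Returns [(type, body), ...]."""
    if not data.startswith(PNG_SIGNATURE):
        raise PngError("missing PNG signature")
    pos = len(PNG_SIGNATURE)
    chunks = []
    while pos < len(data):
        if len(data) - pos < 8:
            raise PngError(f"truncated chunk header at offset {pos}")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        # The length field is attacker-controlled. A reader that trusts it and copies
        # `length` bytes into a buffer sized from elsewhere is where a heap overflow
        # happens; bound it by the spec limit and by what remains (body + 4-byte CRC).
        if length > MAX_CHUNK_LENGTH:
            raise PngError(f"chunk {ctype!r} declares length {length} > 2^31-1")
        if length > len(data) - pos - 12:
            raise PngError(f"chunk {ctype!r} declares length {length}, overrunning the file")
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            raise PngError(f"bad CRC on chunk {ctype!r}")
        chunks.append((ctype, body))
        pos += 12 + length
        if ctype == b"IEND":
            break
    if not chunks or chunks[0][0] != b"IHDR" or len(chunks[0][1]) != 13:
        raise PngError("first chunk must be a 13-byte IHDR")
    if chunks[-1][0] != b"IEND":
        raise PngError("missing IEND chunk")
    return chunks


def is_safe_png(data: bytes) -> bool:
    """True if the file passes structural validation, False otherwise."""
    try:
        parse_png_chunks(data)
        return True
    except PngError:
        return False


def make_chunk(ctype: bytes, body: bytes) -> bytes:
    """Encode one chunk with a correct length field and CRC."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def build_valid_png() -> bytes:
    """Constructed sample: a 1x1, 8-bit greyscale PNG."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")   # one scanline: filter byte 0 plus one pixel
    return (PNG_SIGNATURE + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"IDAT", idat) + make_chunk(b"IEND", b""))


def build_corrupt_png() -> bytes:
    """Constructed sample: the same file with the IDAT length field rewritten to
    0x7FFFFFFF while the actual bytes are unchanged (a hypothetical malformation;
    the advisory does not say which field the real bug involved)."""
    good = build_valid_png()
    length_at = good.index(b"IDAT") - 4        # offset of IDAT's 4-byte length field
    return good[:length_at] + struct.pack(">I", 0x7FFFFFFF) + good[length_at + 4:]


if __name__ == "__main__":
    print("valid sample accepted:", is_safe_png(build_valid_png()))
    print("corrupt sample accepted:", is_safe_png(build_corrupt_png()))
```

The important design point is the order of operations: the declared length is compared against the remaining file size before any slice or allocation uses it, so an oversized field is rejected rather than driving a copy past the end of a heap buffer.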

Resolution

Perform the appropriate resolution for your BlackBerry Enterprise Server environment.

For Microsoft Exchange

Install BlackBerry Enterprise Server software version 4.0 Service Pack 3 (4.0.3), then install software version 4.0.3, Hotfix 1.

For IBM Lotus Domino and Novell GroupWise

Install BlackBerry Enterprise Server software version 4.0.3.

To obtain the BlackBerry Enterprise Server software, go to www.blackberry.com.

Workaround

An administrator can exclude PNG images from being processed by the BlackBerry Attachment Service in the BlackBerry Enterprise Server, or disable the BlackBerry Attachment Service completely.

To exclude PNG images from being processed by the BlackBerry Attachment Service

  1. Go to Start > Programs > BlackBerry Enterprise Server > BlackBerry Enterprise Server Configuration.
  2. Click the Attachment Server tab.
  3. In the Format Extensions field, delete the PNG extension.

    Note: Format Extensions is an editable field that lists all the extensions that the BlackBerry Attachment Service will open. A colon is used as a delimiter.

  4. Click Apply, then click OK.
Additional Information

Removing the PNG extension from the list of supported file types is not a complete mitigation on its own: the BlackBerry Attachment Service may identify a PNG file by its content even when its extension has been renamed, and then attempt to process it. To close that path, administrators may need to disable the image attachment distiller.
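The workaround above edits a colon-delimited Format Extensions value, and the caveat is that an extension list cannot stop a PNG whose name has been changed. The following Python is an added example, not code from this article or from RIM: it performs the list edit, checks attachment content for the 8-byte PNG signature, and combines the two in a simplified model of the gates (the extension list first, then content identification, then the image distiller). That ordering is an assumption for illustration, not RIM's documented pipeline; the Format Extensions value and the attachments are constructed samples, since the page does not list the default extensions.

```python
import os

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"   # every PNG file starts with these 8 bytes


def parse_format_extensions(format_extensions: str) -> list:
    """Split the colon-delimited Format Extensions value into normalised extensions."""
    return [e.strip().lower() for e in format_extensions.split(":") if e.strip()]


def remove_format_extension(format_extensions: str, ext: str) -> str:
    """Return the Format Extensions value with `ext` removed (the Workaround step)."""
    kept = [e for e in parse_format_extensions(format_extensions) if e != ext.lower()]
    return ":".join(kept)


def extension_allowed(format_extensions: str, filename: str) -> bool:
    """Gate 1: is the attachment's extension still on the list?"""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    return ext in parse_format_extensions(format_extensions)


def looks_like_png(data: bytes) -> bool:
    """Gate 2: content check. A renamed PNG still carries its signature."""
    return data[:len(PNG_SIGNATURE)] == PNG_SIGNATURE


def reaches_image_distiller(format_extensions: str, filename: str, data: bytes,
                            image_distiller_enabled: bool = True) -> bool:
    """Simplified model (an assumption, not RIM's documented behaviour): a file that
    passes the extension list is identified by content, and PNG content is handed to
    the image distiller only if that distiller is enabled."""
    if not extension_allowed(format_extensions, filename):
        return False
    if not looks_like_png(data):
        return False      # other content types are out of scope for this example
    return image_distiller_enabled


def evaluate_workaround(attachments, format_extensions: str,
                        image_distiller_enabled: bool) -> dict:
    """Map each attachment name to whether it would reach the image distiller."""
    return {name: reaches_image_distiller(format_extensions, name, data, image_distiller_enabled)
            for name, data in attachments}


# Constructed sample Format Extensions value (the article does not list the default).
SAMPLE_FORMATS = "doc:pdf:png:jpg:txt"

# Constructed sample attachments: a PNG, the same bytes renamed, and a text file.
PNG_BYTES = PNG_SIGNATURE + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 17
SAMPLE_ATTACHMENTS = [
    ("photo.png", PNG_BYTES),
    ("photo.jpg", PNG_BYTES),      # PNG content behind a still-allowed extension
    ("notes.txt", b"plain text"),
]

if __name__ == "__main__":
    pruned = remove_format_extension(SAMPLE_FORMATS, "png")
    print("Format Extensions after removing png:", pruned)
    print("image distiller enabled :", evaluate_workaround(SAMPLE_ATTACHMENTS, pruned, True))
    print("image distiller disabled:", evaluate_workaround(SAMPLE_ATTACHMENTS, pruned, False))
```

With png removed from the list, photo.png is stopped at the extension gate, but photo.jpg (the same bytes renamed) passes it and is identified as PNG by content; only disabling the image distiller stops that second case, which is why the article recommends it.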

To disable the image attachment distiller

  1. On the desktop, click Start > Programs > BlackBerry Enterprise Server > BlackBerry Enterprise Server Configuration.
  2. On the Attachment Server tab, select Attachment Server from the Configuration Option drop-down list.
  3. In the Distiller Settings section of the window, clear the Enabled check box for Image Attachments.
  4. Click Apply, then click OK.
  5. In Microsoft Windows® Administrative Tools, double-click Services.
  6. Right-click BlackBerry Attachment Service, then click Stop.
  7. Right-click BlackBerry Attachment Service, then click Start.
  8. Close the Services window.


Visit www.blackberry.com/security for more information on BlackBerry security.

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.