Denial of Service on the BlackBerry Router

Article ID: KB04758

Type:   Security Advisory

First Published: 05-10-06

Last Modified: 09-02-2010

 

Product(s) Affected:

  • BlackBerry Enterprise Server for Novell GroupWise
  • BlackBerry Enterprise Server for Microsoft Exchange
  • BlackBerry Enterprise Server for IBM Lotus Domino
Affected Software

  • BlackBerry® Enterprise Server 4.0 through 4.0 Service Pack 3 Hotfix 4

Issue Severity

Not assigned.

Overview

An issue in the BlackBerry Enterprise Server that is known to Research In Motion has been corrected in current releases of the BlackBerry Enterprise Server. An internal user sending malformed protocol packets could have caused a Denial of Service (DoS) for all BlackBerry Enterprise Server communication.

 

Recommendation

Complete the resolution actions documented in this advisory.

References

This article is in reference to US-CERT Advisory VU#392920.

Problem

The communication flow between the BlackBerry Enterprise Server and BlackBerry Router is disrupted.

Resolution

Install BlackBerry Enterprise Server 4.0 Service Pack 4 or later.

Additional Information

Visit www.blackberry.com/security for more information on BlackBerry security.

Acknowledgements

RIM thanks FX of Phenoelit for reporting this issue to RIM, and working with RIM to protect its customers.

Change Log

09-02-10

Updates to article formatting. No technical content changed.

12-09-08

Update due to a system upgrade that did not affect article content.
