Vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server

Article ID: KB24761

Type:   Security Advisory

First Published: 12-14-10

Last Modified: 12-23-2010


Product(s) Affected:

  • BlackBerry Enterprise Server for Novell GroupWise
  • BlackBerry Enterprise Server for Microsoft Exchange
  • BlackBerry Enterprise Server Express for IBM Domino
  • BlackBerry Enterprise Server Express for Microsoft Exchange
  • BlackBerry Professional Software
  • BlackBerry Enterprise Server for IBM Domino
Affected Software
The issue affects the BlackBerry® Attachment Service component of the following software versions:

  • BlackBerry Enterprise Server Express version 5.0.1 and 5.0.2 for Microsoft Exchange
  • BlackBerry Enterprise Server Express version 5.0.2 for IBM Lotus Domino
  • BlackBerry Enterprise Server versions 4.1.3 through 5.0.2 MR1 for Microsoft Exchange and IBM Lotus Domino
  • BlackBerry Enterprise Server versions 4.1.3 through 5.0.1 for Novell GroupWise
  • BlackBerry® Professional Software version 4.1.4 for Microsoft Exchange and IBM Lotus Domino
Non-Affected Software
  • BlackBerry® Device Software
  • BlackBerry® Desktop Software
  • BlackBerry® Internet Service
Are BlackBerry smartphones and the BlackBerry Device Software affected?
No.
Issue Severity
This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 7.8.
Overview
This advisory describes a security issue in the BlackBerry Attachment Service component of the BlackBerry Enterprise Server. The issue is a known vulnerability in the PDF distiller component of the BlackBerry Attachment Service that affects how the BlackBerry Attachment Service processes PDF files.

Issue Status: Vulnerability confirmed. Software containing security update released.
Who should read this advisory?

BlackBerry Enterprise Server administrators
Who should apply the software fix(es)?

BlackBerry Enterprise Server administrators
Recommendation

Complete the resolution actions documented in this advisory.

As a mobile device best practice, RIM recommends that users exercise caution when receiving email messages from untrusted sources and when opening files at the direction of untrusted sources.
References

CVE® Identifier: CVE-2010-2602

Related BlackBerry security advisories: KB15766, KB17118, KB17953, KB18327, KB19860, KB24547


The Interim Security Update referenced in this advisory contains a resolution for the new vulnerability described above as well as the issues addressed by the previous advisories listed. This is not a reissue of a previous security update, but a cumulative fix addressing a new issue and the previously addressed issues. Please see the earlier advisories for descriptions of those issues.




Problem

The vulnerability could allow a malicious individual to cause buffer overflow errors, which may result in arbitrary code execution on the computer that hosts the BlackBerry Attachment Service. While code execution is possible, an attack is more likely to result in the PDF rendering process terminating before it completes. In the event of such an unexpected process termination, the PDF rendering process will restart automatically but will not resume processing the same PDF file.

Successful exploitation of this issue requires a malicious individual to persuade a BlackBerry smartphone user to open a specially crafted PDF file on a BlackBerry smartphone that is associated with a user account on a BlackBerry Enterprise Server. The PDF file may be attached to an email message, or the BlackBerry smartphone user may retrieve it from a web site using the Get Link menu item on the BlackBerry smartphone.

Resolution
RIM has issued the following releases and interim security software updates that resolve the vulnerability in affected versions of the BlackBerry Enterprise Server.

For BlackBerry Enterprise Server Express version 5.0.2 for Microsoft Exchange

For BlackBerry Enterprise Server Express version 5.0.1 for Microsoft Exchange

For BlackBerry Enterprise Server Express version 5.0.2 for IBM Lotus Domino

For BlackBerry Enterprise Server version 5.0.2 for Microsoft Exchange and IBM Lotus Domino

Note: Interim Security Update 2 is not necessary for customers with BlackBerry Enterprise Server software version 5.0.2 MR2 installed.

For BlackBerry Enterprise Server version 5.0.1 for Microsoft Exchange, IBM Lotus Domino, and Novell GroupWise

For BlackBerry Enterprise Server version 5.0.0 for Microsoft Exchange and IBM Lotus Domino

Visit http://www.blackberry.com/go/serverdownloads to obtain Interim Security Update 5 for BlackBerry Enterprise Server software version 5.0.0.

For BlackBerry Enterprise Server version 4.1.7 for Microsoft Exchange and IBM Lotus Domino

For BlackBerry Enterprise Server version 4.1.7 for Novell GroupWise

For BlackBerry Enterprise Server version 4.1.6 for Microsoft Exchange, IBM Lotus Domino, and Novell GroupWise


If you are using a software version that is not listed above, update to one of the listed versions before applying the interim security software update, or refer to the Workaround section of this advisory.
Workaround

Prevent the BlackBerry Attachment Service from processing PDF files in a BlackBerry Enterprise Server environment

The administrator can prevent the BlackBerry Attachment Service from processing PDF files by editing the list of file format extensions that the BlackBerry Attachment Service opens, and then preventing the PDF attachment distiller from running on the BlackBerry Attachment Service.

Step 1: To remove the PDF file extension from the list of supported file format extensions, complete the following actions:

For BlackBerry Enterprise Server versions earlier than 5.0, and BlackBerry Professional Software

  1. From the Windows Desktop, open the BlackBerry Server Configuration tool.
  2. Click the Attachment Server tab.
  3. In the Format Extensions field, delete pdf: from the colon-delimited list of extensions.
  4. Click Apply.
  5. Click OK.

For BlackBerry Enterprise Server version 5.0 or later and BlackBerry Enterprise Server Express version 5.0.2

  1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Attachment > Connector.
  2. Click the BlackBerry Attachment Connector instance that is associated with the BlackBerry Attachment Service that you want to change.
  3. In the Support Attachment Server instances tab, click Edit instance.
  4. Click the Edit icon.
  5. Click the Delete icon for the PDF extension.
  6. Click Save all.

Step 2: Until the administrator prevents the PDF attachment distiller from running, the BlackBerry Attachment Service still detects a PDF file with a renamed extension (in other words, its extension is not .pdf) and attempts to process the file automatically. To prevent the PDF attachment distiller from running, complete the following actions:

For BlackBerry Enterprise Server versions earlier than 5.0, BlackBerry Enterprise Server Express, and BlackBerry Professional Software

  1. On the Windows Desktop, open the BlackBerry Server Configuration tool.
  2. Click the Attachment Server tab.
  3. In the Configuration Option drop-down list, select Attachment Server.
  4. In the Distiller Settings section, next to the distiller name Adobe PDF, clear the check box in the Enabled column.
  5. Click Apply.
  6. Click OK.
  7. On the Windows Desktop, in Administrative Tools, open Services.
  8. Right-click BlackBerry Attachment Service and click Stop.
  9. Right-click BlackBerry Attachment Service and click Start.
  10. Close Services.

For BlackBerry Enterprise Server version 5.0 or later

  1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Attachment > Server.
  2. Click the instance that you want to change.
  3. Click Edit instance.
  4. In the Distiller section, in the Allowed column, specify which distillers are supported for the instance.
  5. Click Save.
  6. Restart the BlackBerry Attachment Service.

For all versions

In Microsoft Exchange and Novell GroupWise environments, complete the following additional steps:
  1. On the Windows Desktop, in Administrative Tools, open Services.
  2. Right-click BlackBerry Dispatcher and click Stop.
  3. Right-click BlackBerry Dispatcher and click Start.
  4. Close Services.

Note: Restarting BlackBerry Enterprise Server services might delay message delivery to BlackBerry devices. For more information, see KB04789.


In IBM Lotus Domino environments, complete the following additional steps:


For BlackBerry Enterprise Server versions earlier than 5.0

  1. Open the Lotus Domino Administrator.
  2. Click the Server tab.
  3. Click the Status tab.
  4. Click Server Console.
  5. In the Domino Command field, type tell BES quit and press ENTER.
  6. In the Domino Command field, type load BES and press ENTER.
  7. Close the Lotus Domino Administrator.

For BlackBerry Enterprise Server version 5.0 or later


Note: The administrator should not use the IBM Lotus Domino console to stop and start the BlackBerry Messaging Agent. If the administrator uses the IBM Lotus Domino console, the BlackBerry Messaging Agent libraries might not load properly and, if the administrator configures high availability, the BlackBerry Messaging Agent might not start correctly as the primary or standby instance.

  1. Stop and start the BlackBerry Controller service and BlackBerry Dispatcher service in the Windows Services, or stop and start the BlackBerry Enterprise Server in the BlackBerry Administration Service.
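As an added illustration (not code from this advisory or from RIM), the following Python models the two-step workaround above: removing pdf: from the Format Extensions list alone stops only files named .pdf, because the Attachment Service detects a renamed PDF by its content, so the Adobe PDF distiller must also be disabled. The layout of the Format Extensions field, the header-based content check and the sample attachment are all assumptions made for the example.

```python
"""Illustrative model of the KB24761 two-step PDF workaround. Constructed
example: not BlackBerry Attachment Service code, only a model of the behaviour
the advisory describes."""

PDF_MAGIC = b"%PDF-"  # header every PDF file starts with


def parse_extensions(format_extensions: str) -> list[str]:
    """Split the colon-delimited Format Extensions value, e.g. 'doc:pdf:xls:'.
    The field layout is assumed from the advisory's wording, not verified."""
    return [e.lower() for e in format_extensions.split(":") if e]


def remove_extension(format_extensions: str, ext: str = "pdf") -> str:
    """Step 1 of the workaround: drop 'pdf:' from the extension list."""
    kept = [e for e in parse_extensions(format_extensions) if e != ext.lower()]
    trailing = ":" if format_extensions.endswith(":") else ""
    return ":".join(kept) + (trailing if kept else "")


def looks_like_pdf(data: bytes) -> bool:
    """Content-based detection (assumed): a renamed PDF still carries its header."""
    return data.startswith(PDF_MAGIC)


def would_reach_pdf_distiller(filename: str, data: bytes, format_extensions: str,
                              pdf_distiller_enabled: bool) -> bool:
    """True if, under this configuration, the attachment would still be handed
    to the Adobe PDF distiller (the vulnerable component)."""
    if not pdf_distiller_enabled:  # Step 2 applied: nothing reaches the distiller
        return False
    name_ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    by_name = name_ext == "pdf" and "pdf" in parse_extensions(format_extensions)
    return by_name or looks_like_pdf(data)  # content detection defeats Step 1 alone


def missing_workaround_steps(format_extensions: str, pdf_distiller_enabled: bool) -> list[str]:
    """Report which of the two advisory steps are still outstanding."""
    missing = []
    if "pdf" in parse_extensions(format_extensions):
        missing.append("Step 1: remove pdf: from Format Extensions")
    if pdf_distiller_enabled:
        missing.append("Step 2: disable the Adobe PDF distiller and restart the service")
    return missing


if __name__ == "__main__":
    sample = b"%PDF-1.4\n% constructed sample, not a real document\n"  # renamed PDF
    cfg = remove_extension("doc:pdf:xls:")  # Step 1 only
    print("Processed after Step 1 alone:", would_reach_pdf_distiller("notes.txt", sample, cfg, True))
```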

Additional Information

CVE

Common Vulnerabilities and Exposures (CVE) is a dictionary of common names (CVE Identifiers) for publicly known information security vulnerabilities, maintained by the MITRE Corporation.

CVSS

CVSS is a vendor-agnostic, open industry standard designed to convey the severity of vulnerabilities. CVSS scores may be used to determine the urgency of update deployment within an organization. CVSS scores range from 0.0 (no vulnerability) to 10.0 (critical). RIM uses CVSS for vulnerability assessments to present an immutable characterization of security issues. RIM assigns all relevant security issues a non-zero score.

Visit www.blackberry.com/security for more information on BlackBerry security.

Change Log
12-21-10
The article has been updated to change the list of affected software to exclude BlackBerry Enterprise Server version 5.0.2 MR2 for Microsoft Exchange and IBM Lotus Domino.

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.