BSRT-2012-001 Vulnerability in Samba service impacts BlackBerry PlayBook tablet file sharing

Article ID: KB29565

Type:   Security Advisory

First Published: 02-21-2012

Last Modified: 02-28-2012

 

Product(s) Affected:

  • Tablets
Affected Software
BlackBerry PlayBook tablet software versions earlier than 2.0
Non Affected Software
BlackBerry PlayBook tablet software version 2.0 and later
Are BlackBerry smartphones and the BlackBerry Device Software affected?
No.
Issue Severity
This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 8.3.
Overview

A vulnerability that could allow remote code execution on a BlackBerry PlayBook tablet exists in the open source Samba software suite for file and print services that the BlackBerry PlayBook file sharing service uses. A remote attacker could use the vulnerability to launch an exploit over a Wi-Fi® network to take control of the operating system of an affected tablet that has file sharing over Wi-Fi turned on. A tablet could also be vulnerable when connected to a computer using USB if the attacker has physical access to that computer. RIM is not currently aware of this issue being used in attacks against BlackBerry customers.

File sharing over Wi-Fi is turned off by default on the BlackBerry PlayBook. A tablet user would have to deliberately turn on Wi-Fi file sharing to be vulnerable to this issue over Wi-Fi. As best practices, RIM recommends that users keep physical possession of their BlackBerry PlayBook tablets, lock access to any computer they connect the tablet to over USB, and do not turn on Wi-Fi file sharing unless they are intending to share files over a trusted Wi-Fi network. 

Who should read this advisory?
  • BlackBerry PlayBook tablet users
  • IT administrators who deploy BlackBerry PlayBook tablets in an enterprise
Who should apply the software fix(es)?
  • BlackBerry PlayBook tablet users
  • IT administrators who deploy BlackBerry PlayBook tablets in an enterprise
Recommendation
Complete the resolution actions documented in this advisory. RIM recommends that all users apply the available software update to fully protect their BlackBerry PlayBook tablet.
References

CVE® Identifier: CVE-2012-0870

Samba Security Announcement: CVE-2012-0870: Remote code execution vulnerability in smbd

Problem

A remote code execution vulnerability exists in the Samba 3.0 service delivered with the BlackBerry PlayBook file sharing service. The Samba service is part of an open source software suite used for file sharing between the tablet and a host computer. A remote attacker could use the vulnerability to launch an exploit over a Wi-Fi network or use physical access to a USB-connected tablet to gain root access on the tablet.

An affected BlackBerry PlayBook tablet user who connects the tablet to a computer by USB, or who enables Wi-Fi file sharing when connected to a Wi-Fi network is vulnerable to an attack that exploits this issue.

Impact

An attacker who successfully exploited this vulnerability could take control of an affected tablet. An attacker could then install programs and view, change, or delete data.

Mitigations

  • Wi-Fi file sharing is not turned on by default. The tablet user would have to choose to turn on both the File Sharing option (a prerequisite for Wi-Fi file sharing) and the Wi-Fi File Sharing option to be vulnerable to this issue when connected to a Wi-Fi network.
  • If the tablet is not connected to a Wi-Fi network, the attacker must have physical access to a computer that the user's tablet is connected to over USB to exploit this issue.
  • The BlackBerry PlayBook tablet uses compiler-based and runtime defenses that increase the difficulty of exploiting this issue over a USB connection or a Wi-Fi network.
Resolution

RIM has issued BlackBerry PlayBook tablet software version 2.0.0.7971, which resolves this vulnerability on affected versions of the tablet. Update your BlackBerry PlayBook tablet software to version 2.0.0.7971 or later to apply the update.

Note: This BlackBerry PlayBook tablet update includes all previously released security updates to the BlackBerry Tablet OS.

Update by Accessing the Software Update Notification

Your BlackBerry PlayBook tablet uses notifications to keep you informed about software updates. When a new software update notification comes in, it appears in the BlackBerry PlayBook status ribbon at the top of the screen.

Simply view your notifications and follow the steps to access the latest software update notification and complete the software update.

Manually Check for Software Updates

  1. From the home screen, tap the  icon to open Options.
  2. Tap Software Updates.
  3. Tap Check for Updates.

After you update your software, the screen will indicate that you have installed BlackBerry Tablet OS version 2.0.0.7971 or later.
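For administrators checking a fleet against this advisory, the following added example (not RIM's code) classifies each tablet by the attack paths described above. The inventory CSV, its column names and the sample rows are constructed assumptions; the fixed build 2.0.0.7971 and the exposure rules are taken from this advisory.

```python
import csv
import io

FIXED = (2, 0, 0, 7971)  # fixed build named in this advisory


def parse_version(text):
    """Turn '2.0.0.7971' into (2, 0, 0, 7971); return None if malformed."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = tuple(int(p) for p in parts)
    # Pad short strings so '2.0' compares as 2.0.0.0.
    return nums + (0,) * (len(FIXED) - len(nums))


def exposure(row):
    """Return the attack paths from the advisory that apply to one device."""
    version = parse_version(row["os_version"])
    if version is None:
        return ["unknown-version"]  # needs a manual check on the tablet
    if version >= FIXED:  # numeric compare: 10000 > 7971, unlike strings
        return []
    paths = ["usb"]  # file sharing over USB is always enabled
    # Wi-Fi exposure needs both switches on (File Sharing is a prerequisite).
    if row["file_sharing"] == "on" and row["wifi_sharing"] == "on":
        paths.append("wifi")
    return paths


def triage(inventory_csv):
    """Map device name -> list of exposure paths for a CSV inventory."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["device"]: exposure(row) for row in reader}


# Constructed sample inventory (hypothetical export format and devices).
SAMPLE = """device,os_version,file_sharing,wifi_sharing
pb-001,1.0.8.6067,on,on
pb-002,1.0.8.6067,on,off
pb-003,2.0.0.7971,on,on
pb-004,2.0.0.10000,off,off
pb-005,n/a,off,off
"""

if __name__ == "__main__":
    for device, paths in triage(SAMPLE).items():
        print(device, ",".join(paths) or "not affected")
```

Comparing the version strings directly would rank "2.0.0.10000" below "2.0.0.7971", which is why the build numbers are compared as integers.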

Workaround

All workarounds should be considered temporary measures for customers to employ if they cannot install the update immediately or must perform standard testing and risk analysis. RIM recommends that customers without these requirements simply install the update to secure their systems.

Disabling file sharing over Wi-Fi networks

  1. On your tablet, tap the icon.
  2. In the Settings menu, tap Storage & Sharing.
  3. Set the Wi-Fi Sharing switch to Off.

Related best practices

  • Users should enable Wi-Fi file sharing only while they are connected to trusted networks and intend to share files. Users should not enable Wi-Fi file sharing on their BlackBerry PlayBook tablet when they are not actively sharing files.
  • Users should connect their BlackBerry PlayBook tablets over USB connections to trusted computers only.
Additional Information

Have any BlackBerry customers been subject to an attack that exploits this vulnerability?

RIM is not aware of any attacks on or specifically targeting BlackBerry PlayBook tablet users.

How would an attacker exploit this vulnerability?

An attacker would send a specially crafted packet to the tablet over the Wi-Fi network or USB connection.

What component does this vulnerability affect?

This vulnerability affects the file sharing capability of the BlackBerry PlayBook tablet.

What is Samba?

Samba is an open source software suite used for file sharing between different platforms. Samba is developed by the Samba Team. For more information, see Samba.

Does turning off the File Sharing option protect me against this vulnerability while my tablet is using a USB connection?

No, the ability to share files over USB is always enabled on your tablet. Turning on the File Sharing option gives you access to specific files and folders that you can then share over the USB connection if you configure additional authentication options.

Does setting a unique password for file sharing help protect me against this vulnerability?

No, using a password for file sharing is not a workaround for this vulnerability.

Does the BlackBerry PlayBook tablet force me to update my software?

No, your action is required to update the software. Your BlackBerry PlayBook tablet uses notifications to keep you informed about software updates and allows you to easily complete a software update. You can also manually check for software updates. See the Resolution section of this advisory for steps to update your software.

How can I find out what version of BlackBerry Tablet OS I am running?

From the home screen, tap the  icon, tap About, and view the OS Version field in the General settings.

Are new (still in the box) BlackBerry PlayBook tablets exposed to this vulnerability?

No. During the initial setup process, the BlackBerry PlayBook tablet will download and install the latest version of the BlackBerry Tablet OS, which will be version 2.0.0.7971 or later. The fix for this vulnerability is included in all future versions of the BlackBerry PlayBook tablet software.

What is CVE?

Common Vulnerabilities and Exposures (CVE) is a dictionary of common names (CVE Identifiers) for publicly known information security vulnerabilities maintained by the MITRE corporation.

What is CVSS?

CVSS is a vendor agnostic, industry open standard designed to convey the severity of vulnerabilities. CVSS scores may be used to determine the urgency for update deployment within an organization. CVSS scores range from 0.0 (no vulnerability) to 10.0 (critical). RIM uses CVSS for vulnerability assessments to present an immutable characterization of security issues. RIM assigns all relevant security issues a non-zero score.

What is the significance of the “BSRT-2012-001” in front of the advisory title?

Beginning in 2012, RIM is using an additional number series to assist customers in identifying our security notices and advisories. The number consists of “BSRT” to signify the BlackBerry Security Incident Response Team as the publisher, the current year, and a sequential number for the security notice or advisory in that year. This security notice or advisory number is in addition to the KB number, which is a separate series for all articles in the BlackBerry Technical Solution Center, whether they are security-related or not.

Where can I read more about BlackBerry PlayBook security?

Read the BlackBerry Bridge App and BlackBerry PlayBook Tablet 2.0 Security Technical Overview for more information on security features in the BlackBerry PlayBook tablet.

Where can I read more about the security of BlackBerry products and solutions?

Visit http://www.blackberry.com/security for more information on BlackBerry security.

Acknowledgements
RIM acknowledges the following security researcher for reporting CVE-2012-0870 and other issues to RIM: Andy Davis (NGS Secure).
Change Log

02-28-12

Article updated to specify affected version of Samba service and to link to the Samba Security Announcement.
