BlackBerry Enterprise Server Denial of Service Vulnerabilities

Release Date:

Alert level: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Workaround

BlackBerry Enterprise Server for Domino 4.x
BlackBerry Enterprise Server for Exchange 4.x
BlackBerry Enterprise Server for Novell GroupWise 4.x

CVE Ref:

FX has reported some vulnerabilities in BlackBerry Enterprise Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) An error exists in the Attachment Service when handling malformed TIFF image attachments. This can be exploited to prevent a BlackBerry user from viewing attachments.

2) An error exists in the handling of Server Routing Protocol (SRP) packets. This can be exploited to disrupt the communication between BlackBerry Enterprise Server and BlackBerry Router, potentially causing a DoS.

Successful exploitation requires that the attacker be able to connect to the BlackBerry Enterprise Server or BlackBerry Router via port 3101/tcp.

The vulnerabilities have been reported in BlackBerry Enterprise Server version 4.0 and later.

The vendor recommends the following workarounds.

1) Exclude TIFF images from being processed by the Attachment Service and/or disable the image attachment distiller.

2) Place the BlackBerry Enterprise Server and the BlackBerry Router behind the firewall in a trusted network segment, so that port 3101/tcp is not reachable from untrusted networks.

Refer to the vendor's original advisory for specific instructions.

Provided and/or discovered by:
FX, Phenoelit.

Original Advisory:

Other References:
US-CERT VU#570768:

US-CERT VU#392920: