Executive Summary

Summary
Title BlackBerry Attachment Service PDF distiller vulnerable to arbitrary code execution
Information
Name: VU#289235 | First vendor Publication: 2008-07-18
Vendor: VU-CERT | Last vendor Modification: 2008-07-18
Severity (Vendor): N/A | Revision: M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA | Environmental Score: NA
Impact SubScore: NA | Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score: 9.3 | Attack Range: Network
Cvss Impact Score: 10 | Attack Complexity: Medium
Cvss Exploit Score: 8.6 | Authentication: None Required

Detail

Vulnerability Note VU#289235

BlackBerry Attachment Service PDF distiller vulnerable to arbitrary code execution

Overview

The PDF Distiller service that is provided with BlackBerry Enterprise Server contains a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

I. Description

The BlackBerry Attachment Service is a component of the BlackBerry Enterprise Server (BES) and BlackBerry Unite!. The BlackBerry Attachment Service renders certain types of files sent as email attachments for display on BlackBerry Handhelds and other BlackBerry client devices. An unspecified vulnerability in the PDF distiller component of the BlackBerry Attachment Service may allow arbitrary code execution on the system that runs the vulnerable service.

II. Impact

By convincing a user to open a specially crafted PDF attachment on a BlackBerry smartphone, a remote, unauthenticated attacker may be able to execute arbitrary code on the system that runs the BlackBerry Attachment Service.

III. Solution

Apply an update

This issue is addressed in BlackBerry Enterprise Server 4.1 Service Pack 6 (4.1.6). Please see BlackBerry document KB15766 for more details.
This issue is also addressed in BlackBerry Unite! 1.0 Service Pack 1 (1.0.1) bundle 36. Please see BlackBerry document KB15770 for more details.

Prevent the BlackBerry Attachment Service from processing PDF files

BlackBerry documents KB15766 and KB15770 outline several ways of preventing the BlackBerry Enterprise Server and BlackBerry Unite! from processing PDF files, which can help mitigate this vulnerability.

Systems Affected

Vendor | Status | Date Updated
Research in Motion (RIM) | Vulnerable | 18-Jul-2008

References

http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB15766
http://www.blackberry.com/btsc/articles/660/KB15766_f.SAL_Public.html
http://www.blackberry.com/btsc/articles/635/KB15770_f.SAL_Public.html
http://secunia.com/advisories/31092/
http://secunia.com/advisories/31141/

Credit

This issue was reported by Research In Motion.

This document was written by Will Dormann.

Other Information

Date Public: 07/17/2008
Date First Published: 07/18/2008 10:07:57 AM
Date Last Updated: 07/18/2008
CERT Advisory:
CVE Name:
US-CERT Technical Alerts:
Metric: 20.31
Document Revision: 6

Original Source

Url : http://www.kb.cert.org/vuls/id/289235

CWE : Common Weakness Enumeration

% | Id | Name
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration

Type | Description | Count
Application | | 4
Application | | 2
Application | | 3
Application | | 1
Application | | 1
Application | | 1
Application | | 2

Open Source Vulnerability Database (OSVDB)

Id | Description
47296 | BlackBerry Multiple Products PDF Distiller Component PDF Processing Arbitrary...

Nessus® Vulnerability Scanner

Date | Description
2008-07-21 | Name : The remote Windows host has an application that is affected by a code executi...
File : blackberry_es_pdf_vuln.nasl - Type : ACT_GATHER_INFO