SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#570768

Research in Motion (RIM) BlackBerry Attachment Service does not properly handle TIFF image files

Overview

The Research in Motion (RIM) BlackBerry Attachment Service contains a vulnerability in the way the service handles TIFF files. By causing the service to render a specially crafted TIFF file and convincing a user to view the file on a BlackBerry Handheld device, an attacker could cause a denial of service to the Attachment Service.

I. Description

The BlackBerry Attachment Service is a component of the BlackBerry Enterprise Server (BES). The BlackBerry Attachment Service renders certain types of files sent as email attachments for display on BlackBerry Handhelds and other BlackBerry client devices. A heap overflow vulnerability in the way the service renders TIFF format image files could allow an attacker supplying a specially crafted TIFF file to cause the service to stop functioning. A user must view the attacker-supplied attachment on a BlackBerry Handheld in order to trigger the vulnerability.

From RIM Technical Knowledge Center article KB-04757:

    There is no impact on any other services (for example, sending and receiving messages, making phone calls, browsing the Internet, and running handheld applications to access a corporate network).

    The Attachment Service automatically restarts immediately or within a specified time period (the default is 25 minutes). The administrator can restart the Attachment Service at any time.

II. Impact

By supplying a specially crafted TIFF image as an email attachment and convincing a user to view the image on a BlackBerry Handheld, a remote, unauthenticated attacker could cause a denial of service to the Blackberry Attachment Service. A denial of service may only affect some users, and the Attachment Service may start new threads immediately or after a specified time period (25 minutes by default).

III. Solution

RIM Technical Knowledge Center article KB-04757 states that "This is a previously reported issue that has been escalated internally to our development team. No resolution time frame is currently available."

Until a complete solution is available, "An administrator can selectively exclude TIFF images from being processed by the Attachment Service in the BlackBerry Enterprise Server, or disable the Attachment Service completely." as described in RIM Technical Knowledge Center article KB-04757.

Systems Affected

VendorStatusDate NotifiedDate Updated
Research in Motion (RIM)Vulnerable30-Dec-2005

References


http://events.ccc.de/congress/2005/fahrplan/events/596.en.html
http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/728075/728850/728215/?nodeid=1167895
http://www.blackberry.com/knowledgecenterpublic/livelink.exe/?func=doc.Fetch&nodeId=739746
http://www.blackberry.com/knowledgecenterpublic/livelink.exe/?func=doc.Fetch&nodeId=780409

Credit

This vulnerability was reported by FX of Phenoelit. Thanks to RIM for information used in this document.

This document was written by Art Manion.

Other Information

Date Public:2005-12-30
Date First Published:2005-12-30
Date Last Updated:2006-01-09
CERT Advisory: 
CVE-ID(s):CVE-2005-2341
NVD-ID(s):CVE-2005-2341
US-CERT Technical Alerts: 
Metric:7.02
Document Revision:29

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2005 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader