BlackBerry Forums Support Community               

08-11-2011, 05:42 PM   #1
bertiebassett
Critical BES Vulnerability - Image attachment handling, kb27244

Yet another image attachment handling vulnerability - but all it needs to execute is for a BB user to receive a malformed img attachment.

KB27244-Vulnerabilities in BlackBerry Enterprise Server components that process images could allow remote code execution

Has anyone deployed these patches successfully? Any adverse impacts?

Sorry if this is old news - I did search the KB number and vulnerabilities before posting.
__________________
LOTS of answers here: Main Page - BlackBerryFAQ

08-12-2011, 08:30 AM   #2
jibi

Quote:
Originally Posted by bertiebassett
Yet another image attachment handling vulnerability - but all it needs to execute is for a BB user to receive a malformed img attachment.

KB27244-Vulnerabilities in BlackBerry Enterprise Server components that process images could allow remote code execution

Has anyone deployed these patches successfully? Any adverse impacts?

Sorry if this is old news - I did search the KB number and vulnerabilities before posting.

From my experience, most file processing patches have been without side effects ... whether it has been on the Attachment Service, MDS-CS, or BAS. In fact, I cannot remember one that had any side effects. No experience with this particular one, as we're running MR3 in production.

The impact of this particular bug appears to be narrow in focus in the BESX and BESD world, so legacy BES 4.1 administrators need not worry (unless RIM is pushing their "end of life" agenda for these platforms). BES 5.0 SP1 and SP2 have hotfixes available for the bug and BES 5.0 SP3 should upgrade to MR3, so the remediation paths are a little different (minimal to no impact versus possible impact depending on your installation).
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.

08-12-2011, 09:09 AM   #3
juwaack68

Whoa.... who is this ^^ guy?
__________________
No longer a BES Admin, but it was fun while it lasted!

08-12-2011, 12:24 PM   #4
jibi

Quote:
Originally Posted by juwaack68
Whoa.... who is this ^^ guy?

I'm not sure who you're talking about?

08-12-2011, 12:29 PM   #5
jsconyers

I have installed this patch on BES 5.01 for GroupWise successfully.

No issues to report.
__________________
The difference between stupidity and genius is that genius has its limits.
When you take things for granted, the things you are granted, get taken.
Even a mosquito doesn't get a pat on the back until it starts to work.
Too many people miss the silver lining because they're expecting gold.
[BES 5.0.3 / GroupWise 2012 HP2]

08-12-2011, 05:27 PM   #6
bertiebassett

Quote:
Originally Posted by juwaack68
Whoa.... who is this ^^ guy?

It's been a while... post '08 WES I dropped out for a bit and kicked back, did some skiing, managed to avoid '09 & '10 WES but should be back next year...