BlackBerry Forums Support Community
              

08-11-2011, 04:42 PM   #1
bertiebassett
CrackBerry Addict
 
Join Date: Aug 2005
Location: London, UK
Model: 9700
Carrier: O2
Posts: 961
Critical BES Vulnerability - Image attachment handling, kb27244

Yet another image attachment handling vulnerability - but all it needs to execute is for a BB user to receive a malformed img attachment.

KB27244-Vulnerabilities in BlackBerry Enterprise Server components that process images could allow remote code execution

Has anyone deployed these patches successfully / any adverse impacts?

Sorry if this is old news - I did search the KB number and vulnerabilities before posting.
__________________
LOTS of answers here: Main Page - BlackBerryFAQ

08-12-2011, 07:30 AM   #2
jibi
BlackBerry God
 
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310
Re: Critical BES Vulnerability - Image attachment handling, kb27244

Quote:
Originally Posted by bertiebassett
Yet another image attachment handling vulnerability - but all it needs to execute is for a BB user to receive a malformed img attachment.

KB27244-Vulnerabilities in BlackBerry Enterprise Server components that process images could allow remote code execution

Has anyone deployed these patches successfully / any adverse impacts?

Sorry if this is old news - I did search the KB number and vulnerabilities before posting.

From my experience, most file processing patches have been without side effects ... whether it has been on the Attachment Service, MDS-CS, or BAS. In fact, I cannot remember one that had any side effects. No experience with this particular one, as we're running MR3 in production.

The impact of this particular bug appears to be narrow in focus in the BESX and BESD world, so legacy BES 4.1 administrators need not worry (unless RIM is pushing their "end of life" agenda for these platforms). BES 5.0 SP1 and SP2 have hotfixes available for the bug and BES 5.0 SP3 should upgrade to MR3, so the remediation paths are a little different (minimal to no impact versus possible impact depending on your installation).
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.

Last edited by jibi; 08-12-2011 at 07:32 AM..

08-12-2011, 08:09 AM   #3
juwaack68
iPhone Convert
 
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,878
Re: Critical BES Vulnerability - Image attachment handling, kb27244

Whoa.... who is this ^^ guy?
__________________
No longer a BES Admin, but it was fun while it lasted!

08-12-2011, 11:24 AM   #4
jibi
BlackBerry God
 
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310
Re: Critical BES Vulnerability - Image attachment handling, kb27244

Quote:
Originally Posted by juwaack68
Whoa.... who is this ^^ guy?

I'm not sure who you're talking about?
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.

08-12-2011, 11:29 AM   #5
jsconyers
New Member
 
Join Date: Jul 2007
Location: In a van down by the river.
Model: NOTE2
OS: 4.1
PIN: <- Where do I find this?
Carrier: Sprint
Posts: 15,104
Re: Critical BES Vulnerability - Image attachment handling, kb27244

I have installed this patch on BES 5.01 for GroupWise successfully.

No issues to report.
__________________
The difference between stupidity and genius is that genius has its limits.
When you take things for granted, the things you are granted, get taken.
Even a mosquito doesn't get a pat on the back until it starts to work.
Too many people miss the silver lining because they're expecting gold.
[BES 5.0.3 / GroupWise 2012 HP2]

08-12-2011, 04:27 PM   #6
bertiebassett
CrackBerry Addict
 
Join Date: Aug 2005
Location: London, UK
Model: 9700
Carrier: O2
Posts: 961
Re: Critical BES Vulnerability - Image attachment handling, kb27244

Quote:
Originally Posted by juwaack68
Whoa.... who is this ^^ guy?

It's been a while... post '08 WES I dropped out for a bit and kicked back, did some skiing, managed to avoid '09 & '10 WES but should be back next year...
__________________
LOTS of answers here: Main Page - BlackBerryFAQ

Last edited by bertiebassett; 08-12-2011 at 04:28 PM..

Copyright © 2004-2016 BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.