BlackBerry Forums Support Community


bertiebassett 08-11-2011 04:42 PM

Critical BES Vulnerability - Image attachment handling, kb27244
 
Yet another image attachment handling vulnerability - but all it needs to execute is for a BB user to receive a malformed img attachment.

KB27244 - Vulnerabilities in BlackBerry Enterprise Server components that process images could allow remote code execution

Has anyone deployed these patches successfully? Any adverse impacts?

Sorry if this is old news - I did search the KB number and vulnerabilities before posting.

jibi 08-12-2011 07:30 AM

Re: Critical BES Vulnerability - Image attachment handling, kb27244
 
Quote:

Originally Posted by bertiebassett (Post 1737619)
Yet another image attachment handling vulnerability - but all it needs to execute is for a BB user to receive a malformed img attachment.

KB27244 - Vulnerabilities in BlackBerry Enterprise Server components that process images could allow remote code execution

Has anyone deployed these patches successfully? Any adverse impacts?

Sorry if this is old news - I did search the KB number and vulnerabilities before posting.

From my experience, most file processing patches have been without side effects ... whether it has been on the Attachment Service, MDS-CS, or BAS. In fact, I cannot remember one that had any side effects. No experience with this particular one, as we're running MR3 in production.

The impact of this particular bug appears to be narrow in focus in the BESX and BESD world, so legacy BES 4.1 administrators need not worry (unless RIM is pushing their "end of life" agenda for these platforms). BES 5.0 SP1 and SP2 have hotfixes available for the bug and BES 5.0 SP3 should upgrade to MR3, so the remediation paths are a little different (minimal to no impact versus possible impact depending on your installation).

juwaack68 08-12-2011 08:09 AM

Re: Critical BES Vulnerability - Image attachment handling, kb27244
 
Whoa.... who is this ^^ guy? :razz:

jibi 08-12-2011 11:24 AM

Re: Critical BES Vulnerability - Image attachment handling, kb27244
 
Quote:

Originally Posted by juwaack68 (Post 1737728)
Whoa.... who is this ^^ guy? :razz:

I'm not sure who you're talking about? 8-)

jsconyers 08-12-2011 11:29 AM

Re: Critical BES Vulnerability - Image attachment handling, kb27244
 
I have installed this patch on BES 5.01 for GroupWise successfully.

No issues to report.

bertiebassett 08-12-2011 04:27 PM

Re: Critical BES Vulnerability - Image attachment handling, kb27244
 
Quote:

Originally Posted by juwaack68 (Post 1737728)
Whoa.... who is this ^^ guy? :razz:

It's been a while... post '08 WES I dropped out for a bit, kicked back, did some skiing, managed to avoid '09 & '10 WES but should be back next year...


All times are GMT -5.