BlackBerry Forums Support Community
              

Closed Thread
 
08-11-2011, 04:42 PM   #1
bertiebassett
CrackBerry Addict
Join Date: Aug 2005
Location: London, UK
Model: 9700
Carrier: O2
Posts: 961
Critical BES Vulnerability - Image attachment handling, kb27244

Yet another image attachment handling vulnerability - but all it needs to execute is for a BB user to receive a malformed img attachment.

KB27244-Vulnerabilities in BlackBerry Enterprise Server components that process images could allow remote code execution

Has anyone deployed these patches successfully / any adverse impacts?

Sorry if this is old news - I did search the KB number and vulnerabilities before posting.
__________________
LOTS of answers here: Main Page - BlackBerryFAQ

08-12-2011, 07:30 AM   #2
jibi
BlackBerry God
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310
Re: Critical BES Vulnerability - Image attachment handling, kb27244

Quote:
Originally Posted by bertiebassett
Yet another image attachment handling vulnerability - but all it needs to execute is for a BB user to receive a malformed img attachment.

KB27244-Vulnerabilities in BlackBerry Enterprise Server components that process images could allow remote code execution

Has anyone deployed these patches successfully / any adverse impacts?

Sorry if this is old news - I did search the KB number and vulnerabilities before posting.

From my experience, most file processing patches have been without side effects ... whether it has been on the Attachment Service, MDS-CS, or BAS. In fact, I cannot remember one that had any side effects. No experience with this particular one, as we're running MR3 in production.

The impact of this particular bug appears to be narrow in focus in the BESX and BESD world, so legacy BES 4.1 administrators need not worry (unless RIM is pushing their "end of life" agenda for these platforms). BES 5.0 SP1 and SP2 have hotfixes available for the bug and BES 5.0 SP3 should upgrade to MR3, so the remediation paths are a little different (minimal to no impact versus possible impact depending on your installation).
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.

Last edited by jibi; 08-12-2011 at 07:32 AM..

08-12-2011, 08:09 AM   #3
juwaack68
iPhone Convert
Join Date: Oct 2005
Location: Tulip City - MI
Model: iP5
OS: 6.0.2
PIN: to beans
Carrier: I'm not
Posts: 13,878
Re: Critical BES Vulnerability - Image attachment handling, kb27244

Whoa.... who is this ^^ guy?
__________________
No longer a BES Admin, but it was fun while it lasted!

08-12-2011, 11:24 AM   #4
jibi
BlackBerry God
Join Date: Oct 2004
Location: Jibi's Secret Place
Model: 8900
OS: 4.6.1.174
Carrier: AT&T
Posts: 11,310
Re: Critical BES Vulnerability - Image attachment handling, kb27244

Quote:
Originally Posted by juwaack68
Whoa.... who is this ^^ guy?

I'm not sure who you're talking about?
__________________
In the beginning the Universe was created. This has made a lot of people very angry and is widely regarded as a bad move.

08-12-2011, 11:29 AM   #5
jsconyers
New Member
Join Date: Jul 2007
Location: In a van down by the river.
Model: NOTE2
OS: 4.1
PIN: <- Where do I find this?
Carrier: Sprint
Posts: 15,104
Re: Critical BES Vulnerability - Image attachment handling, kb27244

I have installed this patch on BES 5.01 for GroupWise successfully.

No issues to report.
__________________
The difference between stupidity and genius is that genius has its limits.
When you take things for granted, the things you are granted, get taken.
Even a mosquito doesn't get a pat on the back until it starts to work.
Too many people miss the silver lining because they're expecting gold.
[BES 5.0.3 / GroupWise 2012 HP2]

08-12-2011, 04:27 PM   #6
bertiebassett
CrackBerry Addict
Join Date: Aug 2005
Location: London, UK
Model: 9700
Carrier: O2
Posts: 961
Re: Critical BES Vulnerability - Image attachment handling, kb27244

Quote:
Originally Posted by juwaack68
Whoa.... who is this ^^ guy?

It's been a while... post '08 WES I dropped out for a bit and kicked back, did some skiing, managed to avoid '09 & '10 WES but should be back next year...
__________________
LOTS of answers here: Main Page - BlackBerryFAQ

Last edited by bertiebassett; 08-12-2011 at 04:28 PM..
Copyright © 2004-2016 BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.