BESadmin (Administrator), posted 03-07-2007, 11:25 PM
RIM analysis of buffer overrun in decompression algorithm


Doc ID : KB04075
Last Modified : 2007-03-20
Document Type : Security Advisory

Environment

BlackBerry® Enterprise Server

Overview

A report issued by Imad Lahoud of the EADS Corporate Research Center IT Security Lab in France identified an issue in the BlackBerry Enterprise Server that is known to RIM and has been corrected.

Problem

A buffer overrun condition exists in the way that BlackBerry Enterprise Server software version 4.0 Service Pack 1 and earlier handle certain data packets. This vulnerability could potentially allow for remote code execution. RIM has determined that exploiting this vulnerability would be difficult.

Resolution

RIM recommends that customers apply the update at the earliest opportunity for the following BlackBerry products:

IBM® Lotus® Domino®
  • BlackBerry Enterprise Server software version 4.0 Service Pack 1 - Download BlackBerry Enterprise Server software version 4.0 Service Pack 1 Hotfix 1 OR BlackBerry Enterprise Server software version 4.0 Service Pack 1 Hotfix 3
  • BlackBerry Enterprise Server software version 4.0 - Download BlackBerry Enterprise Server software version 4.0 Hotfix 3
  • BlackBerry Enterprise Server software version 2.2 Service Pack 5 - Download BlackBerry Enterprise Server software version 2.2 Service Pack 5 Hotfix 2
Microsoft® Exchange
  • BlackBerry Enterprise Server software version 4.0 Service Pack 1 - Download BlackBerry Enterprise Server software version 4.0 Service Pack 1 Hotfix 2 OR BlackBerry Enterprise Server software version 4.0 Service Pack 1 Hotfix 3
  • BlackBerry Enterprise Server software version 4.0 - Download BlackBerry Enterprise Server software version 4.0 Hotfix 3
  • BlackBerry Enterprise Server software version 3.6 Service Pack 5 - Download BlackBerry Enterprise Server software version 3.6 Service Pack 5 Hotfix 1
Novell® GroupWise®
  • BlackBerry Enterprise Server software version 4.0 - Download BlackBerry Enterprise Server software version 4.0 Service Pack 1
These downloads are available at the following link: http://www.blackberry.com/support/downloads/index.shtml

Additional Information

For more background information on BlackBerry security, refer to the following documents: