
BlackBerry security advisories


11 replies to this topic

#1 AplusWebMaster

  • Authentic Member
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 21 April 2009 - 06:08 AM

FYI...

RIM releases advisory for BlackBerry PDF Distiller vulns - updates available
- http://www.us-cert.g...leases_advisory
April 20, 2009

* http://www.blackberr...ernalId=KB17953
"Overview... For the convenience of affected customers, the fixes for KB15766 and KB17118 are included in the software update provided for the new vulnerabilities described in this security advisory. Customers affected by the issues described in this advisory should also review KB15766 and KB17118 to review how they are protected from the vulnerability described in that advisory after applying either the updates provided in KB15766 and KB17118, or the one provided in this advisory...
Resolution: RIM has issued an interim security software update that resolves this vulnerability in affected versions of the BlackBerry Enterprise Server software and BlackBerry Professional Software.
For BlackBerry Enterprise Server
• Visit http://www.blackberr...serverdownloads to download and install Interim Security Software Update 3 for affected BlackBerry Enterprise Server software versions.
OR
• For BlackBerry Enterprise Server for Microsoft Exchange or Lotus Domino, visit http://www.blackberr...serverdownloads to download and install version 4.1.6 MR5 or later.
• For BlackBerry Professional Software
Visit http://na.blackberry...ab_professional to obtain Interim Security Software Update 3 for affected BlackBerry Professional Software versions..."

- http://www.blackberr...ernalId=KB15766
- http://www.blackberr...ernalId=KB17118

:ph34r:

Edited by AplusWebMaster, 02 October 2009 - 08:43 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.



#2 AplusWebMaster

Posted 02 October 2009 - 08:44 AM

FYI...

BlackBerry security advisory...
- http://www.us-cert.g...leases_security
October 1, 2009 - "Research in Motion has released a security advisory* to address a vulnerability related to how null characters are displayed in a BlackBerry dialog box. This vulnerability may allow an attacker to trick users into believing that they are connecting to a trusted secure site. US-CERT encourages users to review the BlackBerry security advisory KB19552* and apply any necessary updates**."
* http://www.blackberr...ernalId=KB19552
09/30/09 - "... RIM recommends that BlackBerry device users exercise caution when clicking on links that they receive in email or SMS messages. If a user visits a site that causes a BlackBerry browser dialog box to warn the user about continuing the connection, the user should select Close connection..."
** http://na.blackberry.com/eng/update/
Last Modified : 09-30-2009

BlackBerry Security
- http://na.blackberry...curity/news.jsp

:ph34r:

Edited by AplusWebMaster, 06 October 2009 - 05:13 PM.



#3 AplusWebMaster

Posted 04 November 2009 - 07:38 AM

FYI...

Vulnerability in the BlackBerry Desktop Manager allows remote code execution
- http://www.blackberr...ernalId=KB19701
November 3, 2009
Overview: This advisory relates to a vulnerability in a Lotus Notes Intellisync DLL that the BlackBerry Desktop Manager may use. This vulnerability may allow a malicious user to perform an attack that leverages social engineering to achieve remote code execution on the computer running the BlackBerry Desktop Manager. If the legitimate (logged in) user clicks a link to a malicious web site (for example, in an email message, in a browser, or an instant message) on the computer that is running the BlackBerry Desktop Manager, a vulnerability in an Intellisync component could allow the malicious user who sent the link or created the malicious web site to execute code on the computer using the privileges of the legitimate user.
Note: The affected Lotus Notes Intellisync DLL is included by default in all BlackBerry Desktop Manager installations. This vulnerability exists whether or not the DLL is used after installation...

- http://secunia.com/advisories/37244/2/
Release Date: 2009-11-04
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: BlackBerry Desktop Software 3.x, BlackBerry Desktop Software 4.x, BlackBerry Desktop Software 5.x ...
Solution: Update to version 5.0.1* ...

* https://www.blackber...B93E4F3BB068C22
( Note: If you did not purchase BlackBerry directly from Research In Motion (RIM), please contact your service provider to determine if this software has been authorized for use with your handheld... )

- http://web.nvd.nist....d=CVE-2009-0306

:ph34r: :ph34r:

Edited by AplusWebMaster, 05 November 2009 - 04:27 PM.



#4 AplusWebMaster

Posted 02 December 2009 - 02:56 PM

FYI...

BlackBerry PDF Distiller multiple vulns - updates available
- http://secunia.com/advisories/37562/2/
Release Date: 2009-12-02
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: BlackBerry Enterprise Server 5.x, BlackBerry Enterprise Server for Domino 4.x, BlackBerry Enterprise Server for Exchange 4.x, BlackBerry Enterprise Server for Novell GroupWise 4.x, BlackBerry Professional Software 4.x...
Original Advisory:
http://www.blackberr...ernalId=KB19860

- http://www.us-cert.g...eases_advisory1

Bulletins and Information
- http://na.blackberry...curity/news.jsp

:ph34r:

Edited by AplusWebMaster, 20 January 2010 - 05:54 PM.



#5 AplusWebMaster

Posted 10 September 2010 - 04:26 AM

FYI...

BlackBerry Desktop software - Insecure Library Loading vuln
- http://secunia.com/advisories/41346/
Release Date: 2010-09-10
Criticality level: Highly critical
Impact: System access
Where: From remote
Software: BlackBerry Desktop Software 6.x
CVE Reference: CVE-2010-2600
... The vulnerability is reported in all versions of the BlackBerry Desktop Software.
Solution: Update to version 6.0.0.47.
Original Advisory: BlackBerry KB24242:
http://www.blackberry.com/btsc/KB24242

- http://secunia.com/advisories/41398/
Release Date: 2010-09-10
Criticality level: Highly critical
Impact: System access
Solution Status: Unpatched
Software: BlackBerry Desktop Software 3.x, 4.x, 5.x
CVE Reference: CVE-2010-2600
Solution: Upgrade to version 6.0.0.47.
Original Advisory: BlackBerry KB24242:
http://www.blackberry.com/btsc/KB24242

- http://securitytrack...ep/1024425.html
Sep 10 2010 - "... prior to 6.0.0.47..."

:ph34r:

Edited by AplusWebMaster, 13 September 2010 - 05:48 PM.



#6 AplusWebMaster

Posted 18 October 2010 - 11:03 AM

FYI...

BlackBerry Enterprise Server - PDF distiller vuln/updates
- http://www.blackberr...ernalId=KB24547
Last Modified: 10-13-2010 - "... The vulnerability could allow a malicious individual to cause buffer overflow errors, leading to a Denial of Service (DoS) condition or possibly arbitrary code execution on the computer that the BlackBerry Attachment Service runs on. Successful exploitation of this issue requires a malicious individual to persuade a BlackBerry smartphone user to open a specially crafted PDF file on a BlackBerry smartphone that is associated with a user account on a BlackBerry Enterprise Server. The PDF file may be attached to an email message, or the BlackBerry smartphone user may retrieve it from a web site using the Get Link menu item on the BlackBerry smartphone...
Resolution..."
(See info at the URL above for "... Interim Security Updates")

- http://web.nvd.nist....d=CVE-2010-2601
Last revised: 10/15/2010
CVSS v2 Base Score: 7.6 (HIGH)

:ph34r:



#7 AplusWebMaster

Posted 15 December 2010 - 06:38 AM

FYI...

BlackBerry server PDF Distiller Buffer Overflow vuln - patch available
- http://secunia.com/advisories/35632/
Release Date: 2010-12-15
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
... The vulnerability is reported in BlackBerry Enterprise Server versions 4.1.3 through 5.0.2.
Solution: Update to the latest version or apply the Interim Security Update.
Original Advisory:
http://www.blackberr...ernalId=KB24761
Last Modified: 12-14-2010
- http://www.blackberr...ironmentSection
Who should apply the software fix(es): BlackBerry Enterprise Server administrators
Resolution:
- http://www.blackberr...solutionSection

- http://us.blackberry...lance/security/

:ph34r: :ph34r:



#8 AplusWebMaster

Posted 16 December 2010 - 04:52 AM

FYI...

BlackBerry v6.01 Desktop released
- http://secunia.com/advisories/42657/
Release Date: 2010-12-16
Impact: Brute force
Where: From remote
Software: BlackBerry Desktop Software 6.x
CVE Reference(s): CVE-2010-2603
... The weakness is reported in version 6.0.
Solution: Update to version 6.0.1.
Original Advisory:
http://www.blackberry.com/btsc/KB24764
"... Who should apply the software fix(es)
• IT administrators
• BlackBerry Desktop Software for PC users
• BlackBerry Desktop Software for Mac users ..."

- http://www.securityt....com/id?1024908
Dec 17 2010

:ph34r:

Edited by AplusWebMaster, 20 December 2010 - 05:11 AM.



#9 AplusWebMaster

Posted 12 January 2011 - 09:00 AM

FYI...

BlackBerry Enterprise Server vuln - update available
- http://secunia.com/advisories/42882/
Release Date: 2011-01-12
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: BlackBerry Enterprise Server 5.x, Enterprise Server for Domino 4.x, Enterprise Server for Exchange 4.x, Enterprise Server for Novell GroupWise 4.x, Professional Software 4.x
Original Advisory:
http://www.blackberry.com/btsc/KB25382

- http://cve.mitre.org...e=CVE-2010-2604

:ph34r:



#10 AplusWebMaster

Posted 13 January 2011 - 09:20 AM

FYI...

Blackberry Browser Application Lets Remote Users Deny Service
- http://www.securityt....com/id?1024952
Jan 12 2011 - "... Solution: The vendor has issued a fix.
The vendor's advisory is available at:
- http://www.blackberry.com/btsc/KB24841 ...
"... Who should apply the software fix(es)
• BlackBerry Enterprise Server administrators
• BlackBerry device users <<<

- http://web.nvd.nist....d=CVE-2010-2599

To check for available updates for your BlackBerry Device Software, visit:
- http://www.blackberry.com/updates/
"... If you are using a software version that is not listed... update to one of the listed versions -before- applying the software update..."

:ph34r:



#11 AplusWebMaster

Posted 21 June 2011 - 05:24 AM

FYI...

BlackBerry Tablet OS - Flash multiple vulns
- http://secunia.com/advisories/45004/
Release Date: 2011-06-21
Criticality level: Highly critical
Impact: Exposure of sensitive information, System access
Where: From remote
... vulnerabilities are caused due to a vulnerable bundled version of Adobe Flash Player... reported in versions 1.0.5.2342 and prior.
Solution: Update to version 1.0.6 or later.
Original Advisory: http://www.blackberry.com/btsc/KB27365

:ph34r: :ph34r:



#12 AplusWebMaster

Posted 12 August 2011 - 09:51 AM

FYI...

BlackBerry svr update
- http://h-online.com/-1322436
12 August 2011 - "RIM has issued a warning of a critical security hole in its BlackBerry Enterprise Server*, which attackers can use to compromise a system remotely..."
* http://btsc.webapps....ernalId=KB27244
08-10-2011 - "... CVE ref:
CVE-2010-1205, CVE-2010-3087, CVE-2010-2595, CVE-2011-0192, CVE-2011-1167
... updates to address the issue must be applied on any computer that hosts a BlackBerry MDS Connection Service or BlackBerry Messaging Agent instance.
The vulnerabilities do -not- affect BlackBerry Enterprise Server version 5.0.3 MR3 and later for Microsoft Exchange and IBM Lotus Domino"
- http://btsc.webapps....p;externalId=KB

- http://www.blackberr...serverdownloads

:ph34r:

