Results 1 to 6 of 6
Like Tree3Likes
  • 1 Post By dpeters11
  • 1 Post By Sith_Apprentice
  • 1 Post By dpeters11
  1. dpeters11
    dpeters11 is offline
    dpeters11's Avatar
    CrackBerry Abuser
    Posts
    175 Posts
    Global Posts
    198 Global Posts
    02-18-2013, 09:09 PM Thread AuthorThread Author   #1  

    Default BES 5 security vulnerability

    TIFF vulnerability in MDS. It's fixed in 5.0.4 MR2

    KB33425-BSRT-2013-003 Vulnerabilities in BlackBerry Enterprise Server components that process images could allow remote code execution
    Quick reply to this message Reply
    Thanked by:
    Sith_Apprentice (02-19-2013) 
    Sith_Apprentice likes this.
  2. Sith_Apprentice
    Sith_Apprentice is offline
    Sith_Apprentice's Avatar
    Posts
    7,700 Posts
    Global Posts
    7,701 Global Posts
    PIN
    Changes way too often
    02-19-2013, 06:20 AM #2  

    Default

    Quote Originally Posted by dpeters11 View Post
    TIFF vulnerability in MDS. It's fixed in 5.0.4 MR2

    KB33425-BSRT-2013-003 Vulnerabilities in BlackBerry Enterprise Server components that process images could allow remote code execution
    As usual the workaround is either upgrade to MR2 or disable processing of the listed files with the vulnerability. Thanks for posting this.

    What is interesting:

    Affected Software

    • BlackBerry ® Enterprise Server Express version 5.0.4 and earlier for Microsoft Exchange and IBM Lotus Domino
    • BlackBerry ® Enterprise Server version 5.0.4 and earlier for Microsoft Exchange, IBM Lotus Domino and Novell Groupwise

    Note: The affected software includes versions that are no longer supported. Visit the Software Support Lifecycle site for information about supported BES versions. See the Resolution section of this advisory for more information on upgrading to a supported version for which a security software update is available.



    Non Affected Software

    • BlackBerry ® Device Software
    • BlackBerry ® Desktop Software
    • BlackBerry ® Enterprise Server version 5.0.4 MR1 and later for Microsoft Exchange, IBM Lotus Domino and Novell Groupwise
    • BlackBerry ® Enterprise Server Express version 5.0.4 (interim security update) and later for Microsoft Exchange and IBM Lotus Domino
    • BlackBerry ® Enterprise Service 10

    Note: BlackBerry Enterprise Server version 5.0.4. MR1 is no longer available. The current available software version for BlackBerry Enterprise Server is version 5.0.4 MR2.

    ~S_A
    Quick reply to this message Reply
    Thanked by:
    Superfly_FR (02-19-2013) 
    Superfly_FR likes this.
  3. dpeters11
    dpeters11 is offline
    dpeters11's Avatar
    CrackBerry Abuser
    Posts
    175 Posts
    Global Posts
    198 Global Posts
    02-19-2013, 09:34 AM Thread AuthorThread Author   #3  

    Default

    I actually started to install MR1, but the compatibility level of my database was wrong, then found it had been pulled when they found issues with it.

    At least it's not another PDF vulnerability. I was getting tired of applying all those.
    Quick reply to this message Reply
    Sith_Apprentice likes this.
  4. Sith_Apprentice
    Sith_Apprentice is offline
    Sith_Apprentice's Avatar
    Posts
    7,700 Posts
    Global Posts
    7,701 Global Posts
    PIN
    Changes way too often
    02-19-2013, 10:08 AM #4  

    Default

    I had no problems with MR1 but applied MR2 to stay current.
    ~S_A
    Quick reply to this message Reply
  5. dbmalloy
    dbmalloy is offline
    dbmalloy's Avatar
    CrackBerry Master
    Posts
    1,392 Posts
    02-19-2013, 10:11 AM #5  

    Default

    Nice to see BB being straight forward on these issues...... rather refreshing considering how many times to competition is not as forthcoming....
    Quick reply to this message Reply
  6. justin.lafleur
    justin.lafleur is offline
    justin.lafleur's Avatar
    CrackBerry Newbie
    Posts
    6 Posts
    02-21-2013, 06:22 AM #6  

    Default

    Does this also apply in BES 4.1.7 ?
    BlackBerry Bold 9700 & BlackBerry Bold 9000 - www.colibrimobile.com
    Quick reply to this message Reply
« Moving BES 5 server to new Exchange server | Stuck Performing User Delete »

Posting Permissions

Switch to Blog View