Research In Motion (RIM) is warning that vulnerabilities in its BlackBerry
Enterprise Server software may allow for malicious attacks.
The first vulnerability allows an attacker to use a corrupt .tif image file
to cause a heap overflow error that can prevent a user from viewing
attachments, RIM said in a posting on its customer support Web site.
RIM said there is no impact on any other services, such as sending and
receiving messages, making phone calls, browsing the Internet and running
BlackBerry wireless device applications to access a corporate network.
The second error exists in the handling of Server Routing Protocol (SRP)
packets and can be exploited to disrupt communication between BlackBerry
Enterprise Server and BlackBerry Router, potentially causing a denial of
service (DoS), according to Secunia.
The security outfit rated the flaw as “moderately critical.”
In a posting on its support site, RIM said it was aware of the
vulnerability and will fix the problem in future releases of BlackBerry
Enterprise Server. The company suggests that administrators either use a
workaround that blocks .tif attachments or disable attachments on BlackBerrys.