>> BlackBerry Enterprise Server Remote Denial of Service Vulnerabilities
Title : BlackBerry Enterprise Server Remote Denial of Service Vulnerabilities VUPEN ID : VUPEN/ADV-2006-0011 CVE ID : CVE-2005-2341 - CVE-2005-2342 - CVE-2005-2343
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2006-01-02
Technical Description
Multiple vulnerabilities were identified in BlackBerry Enterprise Server, which could be exploited by remote attackers to cause a denial of service.
The first issue is due to an error in the Router component that does not properly handle specially crafted SRP (Secure Remote Password) Packets (port 3101/tcp), which could be exploited by an unauthenticated remote attacker to cause a denial of service.
The second vulnerability is due to an error in the Attachment Service when rendering TIFF format image files, which could be exploited by attackers to cause a denial of service by supplying a specially crafted TIFF image as an email attachment and convincing a user to view the image.
The third flaw is due to an error in the web browser that does not properly handle malformed JAD (Java Application Descriptor) files, which could be exploited by attackers to cause the browser to hang by convincing a user to access a specially crafted JAD file.
BlackBerry Enterprise Server 2.2 for IBM Lotus Domino - Install Service Pack 7
BlackBerry Enterprise Server 4.0 for IBM Lotus Domino - Install Service Pack 3 Hotfix 4
BlackBerry Enterprise Server 3.6 for Microsoft Exchange - Install Service Pack 7
BlackBerry Enterprise Server 4.0 for Microsoft Exchange - Install Service Pack 3 Hotfix 3
BlackBerry Enterprise Server 4.0 for Novell GroupWise - Install Service Pack 3 Hotfix 1 References
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
