BlackBerry Enterprise Server / Unite! PDF Distiller Component Vulnerabilities (KB17118 / KB17119)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that is affected by several
vulnerabilities.

Description :

The version of BlackBerry Enterprise Server / BlackBerry Unite! on the
remote host reportedly contains several vulnerabilities in the PDF
distiller component of the BlackBerry Attachment Service :

- A heap-based buffer overflow triggered when parsing a
certain stream inside a PDF file.

- A heap-based buffer overflow triggered when parsing a
data stream inside of a PDF file.

- An uninitialized memory vulnerability triggered when
parsing a data stream inside of a PDF file.

A remote attacker may be able to leverage these issues to execute
arbitrary code on the affected host, subject to the privileges under
which the application runs (generally 'SYSTEM'), by sending an email
message with a specially crafted PDF file and having it opened for
viewing on a BlackBerry smartphone.

See also :

http://www.nessus.org/u?3319be28
http://www.nessus.org/u?7cb4b343
http://www.nessus.org/u?bc1633bf
http://www.securityfocus.com/archive/1/500011/30/0/threaded
http://www.securityfocus.com/archive/1/500015/30/0/threaded
http://www.securityfocus.com/archive/1/500016/30/0/threaded
http://www.blackberry.com/btsc/viewContent.do?externalId=KB17118
http://www.blackberry.com/btsc/viewContent.do?externalId=KB17119

Solution :

If using BlackBerry Enterprise Server, apply Interim Security Software
Update 2 or later or prevent the Attachment Service from processing
PDF files.

If using BlackBerry Unite!, either upgrade to 1.0.3 bundle 28 or later
or prevent the Attachment Service from processing PDF files.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 35430 (blackberry_es_pdf_kb17118.nasl)

Bugtraq ID: 33224, 33248, 33250

CVE ID: CVE-2009-0176, CVE-2009-0219
