BlackBerry附件服务PDF处理器多个未明安全漏洞

发表评论 (0) 查看评论

漏洞起因
设计错误
 
影响系统
Symantec Clientless VPN Gateway 4400 Series 4.0 SP3
Symantec Clientless VPN Gateway 4400 Series 4.0 SP2
Symantec Clientless VPN Gateway 4400 Series 4.0 SP1
Research In Motion Blackberry Professional Software 4.1.4
Research In Motion Blackberry Enterprise Server for Novell Groupwise 4.1
Research In Motion Blackberry Enterprise Server for Novell Groupwise 4.0 SP3 Hotfix 1
Research In Motion Blackberry Enterprise Server for Exchange 4.0 SP1
Research In Motion Blackberry Enterprise Server for Exchange 5.0
Research In Motion Blackberry Enterprise Server for Exchange 4.1
Research In Motion Blackberry Enterprise Server for Exchange 4.0 SP3 Hotfix 3
Research In Motion Blackberry Enterprise Server for Domino 4.0
Research In Motion Blackberry Enterprise Server for Domino 5.0
Research In Motion Blackberry Enterprise Server for Domino 4.1 SP3
Research In Motion Blackberry Enterprise Server for Domino 4.0 SP3 Hotfix 4
Research In Motion Blackberry Enterprise Server 4.1.6 MR5
Research In Motion Blackberry Enterprise Server 4.1.6 MR4
Research In Motion Blackberry Enterprise Server 4.1.6
Research In Motion Blackberry Enterprise Server 4.1.5
Research In Motion Blackberry Enterprise Server 4.1.4
Research In Motion Blackberry Enterprise Server 4.1.3
Research In Motion Blackberry Enterprise Server 5.0
Nortel Networks Contivity 4600 Secure IP Services Gateway 4.0 SP3
Nortel Networks Contivity 4600 Secure IP Services Gateway 4.0 SP2
Nortel Networks Contivity 4600 Secure IP Services Gateway 4.0 SP1
Nortel Networks Contivity 4600 Secure IP Services Gateway 4.0
HP OpenCall MultiService Controller 4.0 SP3
HP OpenCall MultiService Controller 4.0 SP2
HP OpenCall MultiService Controller 4.0
 
不受影响系统
 
危害
远程攻击者可以利用漏洞进行拒绝服务攻击,可能导致任意代码执行。
 
攻击所需条件
攻击者必须构建特殊PDF文件,发送给BlackBerry附件服务组件处理。
 
漏洞信息
BlackBerry企业服务器的BlackBerry附件服务组件处理恶意PDF文件时存在多个安全问题,远程攻击者可以利用漏洞以应用服务进程权限执行任意指令,或导致拒绝服务攻击。
攻击者可以通过发送包含特殊构建的PDF文件的EMAIL消息来触发,目前没有详细漏洞细节提供。
 
测试方法
 
厂商解决方案
可参考如下安全公告获得补丁信息:
http://www.blackberry.com/btsc/dynamickc.do?externalId=KB18327&sliceID=1&command=show&forward=nonthreadedKC&kcId=KB18327
 
漏洞提供者
BlackBerry

发表评论?

0 条评论。

发表评论