An unpatched security vulnerability in Research in Motion Ltd.s BlackBerry Enterprise Server could put millions of business users at risk of denial-of-service attacks, the company acknowledged Tuesday.
In an advisory, RIM warned that a corrupt TIFF (Tagged Image File Format) attachment could be used in an attack that would stop a user from being able to view attachments.
The bug was first flagged by a researcher known as "FX" during a presentation at the 22nd Chaos Communication Congress, where multiple RIM BlackBerry products came under the security microscope.
Even as RIM downplayed the risk as a denial-of-service condition, the U.S.-CERT (Computer Emergency Readiness Team) said the vulnerabilities discussed by "FX" could allow an attacker to execute arbitrary code on the BlackBerry Attachment Service.
"To exploit these vulnerabilities, an attacker would need to supply a crafted file that is viewed or downloaded by a BlackBerry Handheld; or the attacker would need to redirect a network connection directed to the BlackBerry Infrastructure," US-CERT said in a separate alert.
"[We recommend] that BlackBerry sites upgrade BlackBerry Enterprise Server to the latest version," US-CERT said.
In all, US-CERT lists three different BlackBerry vulnerabilities, including the TIFF image bug that RIM fessed up to. That flaw affects the BlackBerry Enterprise Server 4.0 and later versions running on IBM Lotus Domino, Microsoft Exchange and Novell GroupWise.
RIM insists there is no impact on any other BlackBerry services, such as making phone calls, sending and receiving mail, or browsing the Web, and promised a patch would be made available.
"This is a previously reported issue that has been escalated internally to our development team. No resolution time frame is currently available," the Toronto-based RIM added.
As a temporary workaround, BlackBerry Enterprise Server administrators can selectively exclude TIFF images from being processed by the Attachment Service or disable the Attachment Service completely.
The BlackBerry Enterprise Server is key to RIMs push into the enterprise handheld device market. It is used by IT departments to connect Microsoft Exchange or Lotus Notes/Domino servers to a wireless carrier to allow for corporate e-mail delivery.