[oagitm] Re: Securing/Hardening of the Blackberry BES platform

  • From: "Palacios Dan A" <dan.a.palacios@xxxxxxxxxxx>
  • To: "'sarbuckle@xxxxxxxxxxxxx'" <sarbuckle@xxxxxxxxxxxxx>, "oagitm@xxxxxxxxxxxxx" <oagitm@xxxxxxxxxxxxx>
  • Date: Mon, 15 Aug 2011 23:29:42 +0000

As indicated in the first two links you listed, RIM has already released a 
patch to deal with this vulnerability.  Our primary avenue for protecting our 
environment in cases like this is keeping systems up to date as much as 
possible.

As to the idea of separating the roles/servers into separate network zones, it 
is a nice ideal but largely impractical.  Network segmentation is a best 
practice which we follow where possible, but there is no way all potentially 
vulnerable servers (read all of them) could be separated into their own network 
segments.
Dan Palacios
Dept. of Consumer and Business Services
IMD Network Group
503-947-7060
From: oagitm-bounce@xxxxxxxxxxxxx [mailto:oagitm-bounce@xxxxxxxxxxxxx] On 
Behalf Of Sandi Arbuckle
Sent: Monday, August 15, 2011 9:39 AM
To: oagitm@xxxxxxxxxxxxx
Subject: [oagitm] Securing/Hardening of the Blackberry BES platform
RIM has announced an image processing vulnerability (RIM KB27244) that details 
a way to compromise server security by simply sending a carefully crafted TIFF 
or PNG file to any BES user. The vulnerability is present in several versions 
of BES for Exchange and RIM has issued patches. Successful exploitation of 
these vulnerabilities may allow an attacker to gain access to and execute code 
on the BES server at the privilege level of the BES service account.  What 
steps have other counties already taken or plan to take to isolate BES servers 
on their networks to limit the scope of this and future threats? RIM suggests 
BES could be placed on an isolated DMZ segment to limit the scope of successful 
attacks in addition to applying the security patch that replaces the affected 
image-processing DLL.

Feedback from other counties on their view of this issue and solutions under 
consideration would be helpful.

Links to related information:
https://threatpost.com/en_us/blogs/severe-remote-flaw-fixed-blackberry-enterprise-server-081211
http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB27244
http://docs.blackberry.com/en/admin/deliverables/25734/BlackBerry_Enterprise_Server-Security_Note--1395142-0307061517-001-5.0.3-US.pdf

Thanks,

Sandi Arbuckle
Information Technology Director
Coos County Courthouse
(541)756.8618
(541)404.5319 (c)
sarbuckle@xxxxxxxxxxxxx

"To give anything less than your best, is to sacrifice the gift."  - Steve 
Prefontaine