Vulnerabilities in BlackBerry Enterprise Server components that process images could allow remote code execution

#BlackBerry

Source: http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB27244

Affected Software
The issue affects the following software versions:

  • BlackBerry® Enterprise Server version 5.0.1 through 5.0.3 MR2 for Microsoft Exchange
  • BlackBerry® Enterprise Server version 5.0.1 through 5.0.3 MR2 for IBM Lotus Domino
  • BlackBerry® Enterprise Server version 4.1.7 and version 5.0.1 through 5.0.1 MR3 for Novell GroupWise
  • BlackBerry® Enterprise Server Express version 5.0.1 through 5.0.3 for Microsoft Exchange
  • BlackBerry® Enterprise Server Express version 5.0.2 and 5.0.3 for IBM Lotus Domino
  • Note: BlackBerry Enterprise Server version 5.0.3 MR3 and later for Microsoft Exchange and IBM Lotus Domino are not affected.

Issue Severity
These vulnerabilities have a Common Vulnerability Scoring System (CVSS) score of 10.0 (high severity). See the References section below for the list of issues by CVE issue identifier.

Overview
Vulnerabilities exist in components of the BlackBerry Enterprise Server that process PNG and TIFF images for rendering on the BlackBerry smartphone. The BlackBerry® Mobile Data System – Connection Service component processes images on web pages that the BlackBerry® Browser requests. The BlackBerry® Messaging Agent component processes images in email messages. 

High BlackBerrySyncServer.exe CPU utilization after upgrading to BlackBerry Enterprise Server 5.0 SP3 MR3

#BlackBerry #Exchange #Exchange2010

DOH!

Source: http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB27976

Overview
After applying MR3 for BlackBerry® Enterprise Server 5.0 SP3 the CPU utilization of the BlackBerrySyncServer.exe process can spike up to 100%.

Environment

  • BlackBerry® Enterprise Server 5.0 SP3 MR3
  • DT 1839166

Cause
Changes to BlackBerry Synchronization Service throttling cause more slow sync requests to be scheduled than should be scheduled.

Resolution
This is a previously reported issue that is being investigated by our development team. No resolution time frame is currently available. Back to top

Workaround

  1. Re-install BlackBerry Enterprise Server 5.0 SP3 to remove all maintenance releases.
  2. Install BlackBerry Enterprise Server 5.0 SP3 MR2.