=====================================================================
                                   CERT-Renater

                        Information Bulletin No. 2010/VULN351
_____________________________________________________________________

DATE                      : 10/09/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows running BlackBerry Desktop Software.

======================================================================
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24242
______________________________________________________________________

Insecure library loading in the BlackBerry Desktop Software

Article ID: KB24242

Type: Security Advisory

First Published: 09-09-10

Last Modified: 09-09-2010

Product(s) Affected:

    * BlackBerry® Desktop Software (all versions) for PC

Non-Affected Software

    * BlackBerry® Desktop Software (all versions) for Mac

Are BlackBerry smartphones and the BlackBerry Device Software affected?
No.


Issue Severity
This vulnerability has a Common Vulnerability Scoring System (CVSS) score
of 6.5.


Overview

This advisory describes an issue related to a DLL that the BlackBerry Desktop
Manager may use. This issue impacts all versions of the BlackBerry Desktop
Software, and may allow a malicious user to deceive a legitimate user into
allowing remote code execution to occur on the legitimate user's computer.

The BlackBerry Desktop Manager needs to be running for a malicious user to
exploit this vulnerability.


Who should read this advisory

    * IT administrators
    * BlackBerry Desktop Software for PC users

Who should apply the software fix(es)

    * IT administrators
    * BlackBerry Desktop Software for PC users

Recommendation

Complete the resolution actions documented in this advisory.

RIM recommends that users exercise caution when receiving email messages
from untrusted sources, and opening files at the direction of untrusted
sources.

References

CVE® Identifier: CVE-2010-2600

Problem

Successful exploitation of the issue using any version of the
BlackBerry Desktop Software requires the following steps:

   1. The malicious user must have gained access to the internal network
      of the BlackBerry Desktop Software user.
   2. The malicious user must have already placed malicious files on the
      internal network of the BlackBerry Desktop Software user.
   3. The malicious user tries to perform an attack designed to deceive the
      legitimate user into using the BlackBerry Desktop Manager to browse to
      a location on their internal network.
   4. The legitimate user must choose to use the BlackBerry Desktop Manager
      to manually browse to the directory that the malicious user specifies.
   5. The user might be deceived into opening a file that the malicious user
      has designed to perform remote code execution using the privileges of
      the BlackBerry Desktop Software user on the computer.
   6. The BlackBerry Desktop Manager runs the file once the user has opened
      the malicious file.


Resolution

RIM has issued a software update that resolves this issue in
BlackBerry Desktop Software version 6.0. Visit the
BlackBerry Desktop Software Downloads site to download the updated
BlackBerry Desktop Software version 6.0 (version 6.0.0.47).

Users running BlackBerry Desktop Software version 4.7.0 or later may
update to the latest version of the BlackBerry Desktop Software by
responding to an auto-update prompt in the BlackBerry Desktop Manager
that reads as follows:

This update for BlackBerry® Desktop Software 6.0 provides a variety of
fixes and improvements for synchronization and installation. More details
are available in the release notes at http://www.blackberry.com/desktop/docs/.

Note: Microsoft® offers a generic solution to this class of security issue.
For more information, visit http://support.microsoft.com/kb/2264107.
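As an added audit example (not part of the CERT-Renater bulletin or of RIM's advisory), the following PowerShell script checks a Windows host for the two resolution items above: an installed BlackBerry Desktop Software build older than 6.0.0.47, and the system-wide CWDIllegalInDllSearch setting that Microsoft KB2264107 introduces. The Uninstall-key DisplayName pattern and the meaning of the registry values are assumptions taken from that KB, not from this page.

```powershell
# Added audit script; not part of the CERT-Renater or RIM advisory.
# Assumptions: BlackBerry Desktop Software registers an Uninstall entry whose
# DisplayName starts with "BlackBerry Desktop"; CWDIllegalInDllSearch values
# follow Microsoft KB2264107 (0xFFFFFFFF = never load DLLs from the current
# directory, 2 = not from WebDAV/remote UNC, 1 = not from WebDAV) and are only
# honoured once the KB2264107 update is installed. Run elevated.
param([switch]$Remediate)   # read-only unless -Remediate is given

$FixedVersion  = [version]'6.0.0.47'   # fixed build named in KB24242
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# 1. Installed BlackBerry Desktop Software version vs. the fixed build.
$installs = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'BlackBerry Desktop*' }
if (-not $installs) { Write-Output 'BlackBerry Desktop Software: not installed.' }
foreach ($app in $installs) {
    $ver = $null
    $status = if ([version]::TryParse([string]$app.DisplayVersion, [ref]$ver)) {
        if ($ver -lt $FixedVersion) { 'VULNERABLE - update to 6.0.0.47 or later' }
        else                        { 'OK' }
    } else { 'UNKNOWN - version string not parseable' }
    Write-Output ('{0} {1}: {2}' -f $app.DisplayName, $app.DisplayVersion, $status)
}

# 2. System-wide DLL search mitigation from KB2264107. A REG_DWORD of
#    0xFFFFFFFF is read back as Int32 -1, so both forms are accepted.
$SessMgr = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$cwd = (Get-ItemProperty -Path $SessMgr -ErrorAction SilentlyContinue).CWDIllegalInDllSearch
$mitigation = if ($cwd -eq -1 -or $cwd -eq 0xFFFFFFFF) { 'current directory never searched for DLLs' }
    elseif ($cwd -eq 2) { 'current directory skipped when it is a WebDAV or remote UNC path' }
    elseif ($cwd -eq 1) { 'current directory skipped when it is a WebDAV path' }
    else                { 'NOT SET - DLLs can still load from a remote current directory' }
Write-Output "CWDIllegalInDllSearch = $cwd -> $mitigation"

# Value 2 blocks the network-share scenario in this advisory without affecting
# programs that legitimately load DLLs from a local current directory.
if ($Remediate -and $mitigation -like 'NOT SET*') {
    Set-ItemProperty -Path $SessMgr -Name CWDIllegalInDllSearch -Value 2 -Type DWord
    Write-Output 'CWDIllegalInDllSearch set to 2; a restart may be required.'
}
```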


Additional Information

CVE

Common Vulnerabilities and Exposures (CVE) is a dictionary of common names
(CVE Identifiers) for publicly known information security vulnerabilities
maintained by the MITRE corporation.

CVSS

CVSS is a vendor-agnostic, industry open standard designed to convey the
severity of vulnerabilities. CVSS scores may be used to determine the
urgency for update deployment within an organization. CVSS scores range
from 0.0 (no vulnerability) to 10.0 (critical). RIM uses CVSS in vulnerability
assessments to present an immutable characterization of security issues.
RIM assigns all security relevant issues a non-zero score.

BlackBerry Security

Visit www.blackberry.com/security for more information on BlackBerry security.


Acknowledgements

RIM credits ACROS Security with discovery of this issue.



======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================

