TITLE: BlackBerry Enterprise Server Mobile Data Service Denial of Service SECUNIA ADVISORY ID: SA13861 VERIFY ADVISORY: http://secunia.com/advisories/13861/ CRITICAL: Less critical IMPACT: DoS WHERE: >From remote SOFTWARE: BlackBerry Enterprise Server for Exchange 4.x http://secunia.com/product/4530/ BlackBerry Enterprise Server for Domino 2.x http://secunia.com/product/4528/ BlackBerry Enterprise Server for Domino 4.x http://secunia.com/product/4531/ BlackBerry Enterprise Server for Exchange 3.x http://secunia.com/product/1952/ DESCRIPTION: A vulnerability has been reported in BlackBerry Enterprise Server, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the Mobile Data Service when processing WML (Wireless Markup Language) pages and can be exploited by tricking a user into viewing a malicious WML page containing an URL without space characters in the comment block. Successful exploitation causes a 100% CPU utilisation. SOLUTION: The vulnerability has been fixed in the following versions: * BlackBerry Enterprise Server for Domino 2.2 Service Pack 4 Hot Fix 2 * BlackBerry Enterprise Server for Microsoft Exchange 3.6 Service Pack 4 Hot Fix 2 Secunia is currently not aware of any available fixes for the following affected versions: * BlackBerry Enterprise Server for Microsoft Exchange 4.0 * BlackBerry Enterprise Server for Domino 4.0 PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------