
Update the Java Runtime to version 7 update 18 or later

Administrators can update the Java Runtime to be protected from this vulnerability.

To block these affected ports using IPSec on the Microsoft Windows Server®, use the instructions located at.
Restart the BlackBerry Web Services service.

Block affected ports to prevent RMI access

Administrators can block the affected ports 10 using a firewall appliance or using IPSec on the Windows server.

The path of this file will vary, but will be of the form \BWS\server\default\conf\jboss-service.xml where root will include the installation drive letter and the path for UDS.

The changes to the configuration file are different for BES and UDS due to a change in the JBoss version used.

Restart the BlackBerry Web Services service.
Save and close the jboss-service.xml file.
Modify the jboss-service.xml file to include the following settings:
Open the jboss-service.xml file in a text editor.
Depending on the version this could reference the Universal Device Service or BlackBerry Enterprise Service.

The path of this file will vary, but will be of the form \BWS\server\default\conf where root will include the installation drive letter and the path.

Prevent network users from calling the RMI interface by changing the configuration file

Edit the jboss-service.xml file to permit only local users to call the RMI interface.

When the administrator’s choice of workaround is applied, the Universal Device Service and BlackBerry Enterprise Service 10 will run normally.
BlackBerry recommends that customers who are able to do so install the update to secure their systems. All workarounds should be considered temporary measures for customers to apply if they cannot install the update immediately or must perform standard testing and risk analysis.
BlackBerry recommends that all users apply the available software update to fully protect their system. Workarounds are settings or configuration changes that a user or administrator can apply to help protect against an attack. Systems hosting the UDS that are placed behind a firewall that blocks the affected ports are protected from attackers who might exploit this vulnerability. This issue is mitigated for all customers by the prerequisite that any attack must be launched from a location within the corporate network with access to the system hosting the UDS. Examples of such conditions include default settings, common configurations, and general best practices. Mitigations are existing conditions that a potential attacker would need to overcome to mount a successful attack or that would limit the severity of an attack. For a description of the security issue that this security advisory addresses, see the CVE® identifier CVE-2013-3693. This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 8.3. In order to exploit this vulnerability, an attacker must use the Remote Method Invocation (RMI) interface to serve a malicious package to JBoss from a second server on the network that is not blocked by a firewall.
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code using the privileges of the BES or UDS administration service account. The misconfiguration could allow nonadministrative users to upload packages.

This JBoss interface functionality is not used in BES10 or UDS. The BlackBerry Web Service exposes a JBoss interface that allows a legitimate administrator to upload packages and make them available to clients. A vulnerability exists due to a misconfiguration of the JBoss hosting environment in affected BES10 versions and standalone UDS.
