BlackBerry Workspaces Server is a system designed for system administrators to manage workspaces, devices, and users. A recent vulnerability with this service involves taking advantage of an Application Programming Interface (API) exposed by the service. An API is a set of subroutine definitions, protocols, and tools for building application software in computer systems. Gotham Digital Services (GDS), a cybersecurity research company, disclosed two vulnerabilities with this service to the public on October 16 in coordination with BlackBerry.

There are two vulnerabilities in the API inside BlackBerry Workspaces that allow an attacker to submit an unauthenticated request and eventually achieve remote code execution on the server. These vulnerabilities are tracked as CVE-2017-9368: Sensitive Information Disclosure, with a Common Vulnerability Scoring System version 3 (CVSSv3) score of 4.3, and CVE-2017-9367: Directory Traversal, with a CVSSv3 score of 8.1. GDS originally disclosed the vulnerabilities to BlackBerry on May 10, 2017. BlackBerry asked GDS to keep the vulnerabilities confidential until they could be patched. Eventually, BlackBerry released an advisory for system administrators. The Workspaces Server components that are affected by these vulnerabilities are:

Appliance-X versions 1.11.2 and earlier.

The Workspaces Server components that are unaffected by these vulnerabilities are:

Appliance-X versions on the 1.11 codeline: versions 1.11.3 and later.
vApp versions on the 5.6 codeline: versions 5.6.7 and later.
vApp versions on the 5.5 codeline: versions 5.5.10 and later.

Sensitive Information Disclosure

Eric Rafaloff, a researcher for GDS, discovered a vulnerability in BlackBerry Workspaces Server that allowed the source code of the application to be revealed. This involved sending an unauthenticated Hypertext Transfer Protocol (HTTP) GET web request to the file path /fileserver/main.js. Although this is a simple vulnerability to exploit, an attacker would need knowledge of the BlackBerry Workspaces Server file system layout and access to the network that the server is running on.

Picture taken from GDS

Directory Traversal

Picture taken from GDS

Once the attacker has access to the source code, they could tailor their next attack based on vulnerabilities in the code. Using the returned source code of the application, Rafaloff discovered a directory traversal vulnerability that could be abused to upload files, such as a file containing code for a command prompt shell. This involved using a similar method to the one discussed under sensitive information disclosure, but against a different file path and using a POST web request. Rafaloff found that the API, saveDocument, allowed unauthenticated file uploads to the web server. An attacker could exploit this vulnerability by sending a POST request to /fileserver/saveDocument to upload a file, such as shell.jsp, to /././mnt/filespace/0/whiteLabel/. Once the file containing the shell code is uploaded, the attacker could then send commands to /whiteLabel/shell.jsp?cmd=(insert command here) through a GET web request to the web server.

To use the BlackBerry REST API or Java SDK, you must have access to an on-premises or cloud Workspaces server. Customers who have purchased Workspaces are allowed to deploy development and test servers under the terms of their license agreement. If you don't already have access to BlackBerry Workspaces, you have two options to continue: reach out to your Workspaces administrator to gain access to the Workspaces API (cloud customers are allowed to test against their production cloud instance), or purchase a BlackBerry Workspaces cloud account. For a nominal annual fee, you can have a dedicated development and testing environment deployed in your local environment or hosted in the BlackBerry cloud. This is the recommended approach to ensure full access to Workspaces and BlackBerry's award-winning support.
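The following is an added example and is not code from the original post, from GDS, or from BlackBerry. It illustrates the general mistake behind a directory traversal in a file-upload API such as the saveDocument endpoint described above: joining a client-supplied name onto a base directory and writing the result. In Python, posixpath.join silently drops the base directory when the second argument starts with "/", which is exactly why a name beginning with "/././" can land anywhere on disk, and "../" segments walk out of the root just as easily. Beside the naive join is a hardened resolver that rejects absolute names and dot segments, verifies containment under the upload root, and allow-lists the extension so a server-executable file can never be written. The upload root, the extension allow-list and every function name are constructed for this example and are not the real Workspaces layout or fix.

```python
import posixpath

# Constructed upload root for the example; not the real Workspaces file layout.
UPLOAD_ROOT = "/mnt/filespace/0/userfiles"
# Hypothetical allow-list of document types the upload endpoint should accept.
ALLOWED_EXTENSIONS = {".pdf", ".docx", ".txt"}


class UnsafeUploadPath(ValueError):
    """Raised when a client-supplied file name must not be written."""


def vulnerable_join(requested_name: str, upload_root: str = UPLOAD_ROOT) -> str:
    """The pattern behind a traversal bug: trust the client name and join it.

    posixpath.join discards upload_root entirely when requested_name starts
    with "/", and "../" segments are honoured by normpath, so the client
    chooses the destination directory.
    """
    return posixpath.normpath(posixpath.join(upload_root, requested_name))


def resolve_upload_path(requested_name: str, upload_root: str = UPLOAD_ROOT) -> str:
    """Return the absolute destination for an upload, or raise UnsafeUploadPath.

    Three independent checks: reject absolute names and any "", "." or ".."
    segment; confirm the normalised result still lies under upload_root;
    and allow-list the extension so a server-executable file such as .jsp
    is refused even inside the permitted tree.
    """
    if not requested_name or "\x00" in requested_name:
        raise UnsafeUploadPath("empty name or NUL byte")
    if requested_name.startswith("/") or "\\" in requested_name:
        raise UnsafeUploadPath("absolute path or backslash rejected")
    if any(seg in ("", ".", "..") for seg in requested_name.split("/")):
        raise UnsafeUploadPath("traversal or empty path segment rejected")

    root = posixpath.normpath(upload_root)
    candidate = posixpath.normpath(posixpath.join(root, requested_name))
    # Belt and braces: even if a segment check above were missing, an
    # escaped path fails the prefix test.
    if not candidate.startswith(root + "/"):
        raise UnsafeUploadPath(f"path escapes upload root: {requested_name!r}")

    ext = posixpath.splitext(candidate)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise UnsafeUploadPath(f"extension {ext!r} not in allow-list")
    return candidate


def check_upload(requested_name: str) -> dict:
    """Compare what the naive join would write with the hardened verdict."""
    try:
        safe = resolve_upload_path(requested_name)
        verdict = "accepted"
    except UnsafeUploadPath as exc:
        safe = None
        verdict = f"rejected: {exc}"
    return {"naive": vulnerable_join(requested_name), "hardened": safe, "verdict": verdict}


if __name__ == "__main__":
    # Constructed sample names: the "/././" form from the write-up, a
    # dot-dot variant, and a benign document name.
    for name in ("/././mnt/filespace/0/whiteLabel/shell.jsp",
                 "../whiteLabel/shell.jsp",
                 "reports/q3.pdf"):
        print(name, "->", check_upload(name))
```

Running the block shows the naive join resolving both crafted names to /mnt/filespace/0/whiteLabel/shell.jsp, outside the upload root, while the hardened resolver refuses them and accepts only the plain document name under the root. The extension allow-list is the check that matters most in the shell scenario: even a correctly contained path is dangerous if the web server will execute whatever lands there, so an upload endpoint should never let the client pick a server-side script type, and the upload tree should be served without script execution enabled.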