Security Tracker has found two denial of service type vulnerabilities with BlackBerry Enterprise Server. The first is a problem where the BlackBerry Attatchment Service can be crashed y remote users with malformed TIFF files.

A remote user can create a specially crafted Tagged Image File Format (TIFF) file that, when viewed by the target user on a Blackberry device, will trigger a heap overflow on the Blackberry Attachment Service and cuase the service to crash. The Attachment Service will restart immediately or after a period of time.

The second vulnerability is problem where the BlackBerry Enterprise Server Router Component lets remote users deny service.

A remote user with the ability to connect to the target BlackBerry Router component can send specially crafted Server Routing Protocol (SRP) packets to disrupt communications between the BlackBerry Enterprise Server and the router. This will prevent communications from BlackBerry devices to the enterprise server.
Research in Motion is working on fixes for both security vulnerabilities and will post them to their site when available.