SecurityTracker.com
Category:   OS (Other)  >   Blackberry OS
Vendors:   Research In Motion Limited
Blackberry Operating System Has Bug in Processing Calendar Data that Lets Remote Users Reset the Device
SecurityTracker Alert ID:  1011654
SecurityTracker URL:  http://securitytracker.com/id/1011654
CVE Reference:   GENERIC-MAP-NOMATCH
Updated:  Oct 15 2004
Original Entry Date:  Oct 13 2004
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 3.7.1.41; Model 7230
Description:   Several vulnerabilities were reported in the Blackberry operating system. A remote user can cause the target user's Blackberry to reset.

HexView reported that the software does not properly process incoming calendar data. A remote user can send a long message that, when stored by the device, will trigger a watchdog timer in the middle of the write process, causing unpredictable results. The device may reset. The vendor has confirmed that a device reset may occur.

A standard Microsoft Outlook meeting request message with a long string greater than 128K in the 'Location:' field is sufficient to trigger the flaw. If the requested meeting time is in the past, this will force user notification and trigger the bug, the report said.
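
For devices that cannot yet be moved to a fixed version, a mail gateway can flag the condition described above before delivery. The following is an added example, not code from the vendor or from HexView: it assumes the meeting request arrives as an iCalendar (text/calendar) MIME part, which is not guaranteed for Outlook (TNEF is not decoded here), and all function names are hypothetical.

```python
import email
import re
from datetime import datetime, timezone
from email import policy

LIMIT = 128 * 1024  # 'Location:' size the advisory cites as sufficient

def split_prop(line):
    """Split 'NAME;PARAMS:value' at the first colon outside a quoted parameter."""
    quoted = False
    for i, ch in enumerate(line):
        if ch == '"':
            quoted = not quoted
        elif ch == ":" and not quoted:
            return line[:i].split(";")[0].upper(), line[i + 1:]
    return line.upper(), ""

def is_past(value, now):
    """DTSTART earlier than now; floating/local times are treated as UTC (assumption)."""
    fmt = "%Y%m%dT%H%M%S" if "T" in value else "%Y%m%d"
    try:
        start = datetime.strptime(value.rstrip("Z")[:15], fmt)
    except ValueError:
        return False
    return start.replace(tzinfo=timezone.utc) < now

def check_calendar(text, now=None, limit=LIMIT):
    """Return one finding per VEVENT whose LOCATION value exceeds the limit."""
    now = now or datetime.now(timezone.utc)
    # Undo RFC 5545 folding first, so a folded LOCATION is measured whole.
    lines = re.sub(r"\r?\n[ \t]", "", text).replace("\r\n", "\n").split("\n")
    findings, event = [], None
    for name, value in map(split_prop, lines):
        if (name, value.upper()) == ("BEGIN", "VEVENT"):
            event = {"location_bytes": 0, "start_in_past": False}
        elif event is not None and name == "LOCATION":
            event["location_bytes"] = len(value.encode("utf-8"))
        elif event is not None and name == "DTSTART":
            event["start_in_past"] = is_past(value, now)
        elif event is not None and (name, value.upper()) == ("END", "VEVENT"):
            if event["location_bytes"] > limit:
                findings.append(event)
            event = None
    return findings

def scan_message(raw_bytes, now=None):
    """Run check_calendar over every text/calendar part of an RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    return [f for part in msg.walk() if part.get_content_type() == "text/calendar"
            for f in check_calendar(part.get_content(), now)]
```

A finding with `start_in_past` set matches the case the report singles out, where a meeting time in the past forces user notification.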

The original HexView advisory indicated that the flaw was a buffer overflow and that messages may be lost during reset, but the updated advisory retracts those statements. The vendor also confirms this.

The vendor's advisory is available at:

http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/7925/8142/Known_Issues_-_HexView_advisory_on_BlackBerry_buffer_overflow,_DoS,_and_data_loss.html?nodeid=737173&vernum=0

A revised version of the HexView advisory is available at:

http://www.hexview.com/docs/20041014-1.txt

Impact:   A remote user can cause the target device to reset.
Solution:   The vendor has issued fixed versions (3.8 and 4.0). The vendor's advisory is available at:

http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/7925/8142/Known_Issues_-_HexView_advisory_on_BlackBerry_buffer_overflow,_DoS,_and_data_loss.html?nodeid=737173&vernum=0

Vendor URL:  www.blackberry.com/
Cause:   State error

Message History:   None.

