Results 1 to 13 of 13

Advisory ID : FrSIRT/ADV-2007-0945 CVE ID : GENERIC-MAP-NOMATCH Rated as : Low Risk Remotely Exploitable ... Smartphone News forum

  1. #1
    hayden's Avatar
    hayden no está en línea Stack Mod
    Join Date
    Jul 2004
    PIN/ID
    ask
    Posts
    12,440

    BlackBerry Device Browser Link Handling Client-Side Denial of Service Vulnerability

    Advertisement



    Advisory ID : FrSIRT/ADV-2007-0945
    CVE ID : GENERIC-MAP-NOMATCH
    Rated as : Low Risk
    Remotely Exploitable : Yes
    Locally Exploitable : Yes
    Release Date : 2007-03-14

    Technical Description
    A vulnerability has been identified in various BlackBerry devices, which could be exploited by remote attackers to cause a denial of service. This issue is due to an error in the BlackBerry browser that fails to properly handle overly long URLs, which could be exploited by attackers to cause a vulnerable device to become slow or to stop responding by tricking a user into following a specially crafted link.

    Affected Products
    BlackBerry Device Software version 4.2 and prior

    Solution
    Upgrade to BlackBerry Device Software 4.2 Service Pack 1 :
    http://na.blackberry.com/eng/support/downloads/

    References
    http://www.frsirt.com/english/advisories/2007/0945

    Credits
    Vulnerability reported by Michael Kemp

    ChangeLog
    2007-03-13 : Initial release

    Note: If you have additional information or corrections for this security advisory please submit them via contact form or by email to updates@frsirt.com.

  2. #2
    flash24's Avatar
    flash24 no está en línea Device Pro
    Join Date
    Aug 2006
    PIN/ID
    3319688f
    Posts
    4,063

    Re: BlackBerry Device Browser Link Handling Client-Side Denial of Service Vulnerability

    ~via BB (wap.pinstack.com)~Thanks Hayden!

  3. #3
    joeperrin212's Avatar
    joeperrin212 no está en línea Stack level 4
    Join Date
    Dec 2006
    PIN/ID
    245DA445
    Posts
    658

    Re: BlackBerry Device Browser Link Handling Client-Side Denial of Service Vulnerability

    ~via BB (wap.pinstack.com)~
    Wow, thanks for the info hayden! I'll check it out!

  4. #4
    jerrycrabb's Avatar
    jerrycrabb no está en línea Stack level 4
    Join Date
    Aug 2006
    PIN/ID
    AskMe4It
    Posts
    739

    Re: BlackBerry Device Browser Link Handling Client-Side Denial of Service Vulnerability

    Thanks for the heads up, hopefully the 4.2 software that is said to be headed for the 8700 will already have this solution installed.
    Build a man a fire and he shall be warm for the night. Catch a man on fire and he shall be warm for the rest of his life!

  5. #5
    HotWax's Avatar
    HotWax no está en línea BES Pro
    Join Date
    Jun 2006
    Posts
    146

    Re: BlackBerry Device Browser Link Handling Client-Side Denial of Service Vulnerability

    Hayden, do you know if this is similar to the BBProxy malware alert that came out a few months ago? Thanks!

  6. #6
    hayden's Avatar
    hayden no está en línea Stack Mod
    Join Date
    Jul 2004
    PIN/ID
    ask
    Posts
    12,440

    Re: BlackBerry Device Browser Link Handling Client-Side Denial of Service Vulnerability

    Quote Originally Posted by HotWax
    Hayden, do you know if this is similar to the BBProxy malware alert that came out a few months ago? Thanks!
    No. BBproxy attacked networks via corporate BlackBerry handhelds contected to BES.

    This lastest exploit only attacks the handheld and does not access BES or devices (unless by email). It slows or freezes the BlackBerry's OS by fooling it with an overly long URL. It poses NO security breach to the handheld's content (emails, addressbook etc) and no risk of damaging the device permanently.

    However, if your BB is affected: Apart from the patch. Try to restart without SIM and disable data service till the updated OS is installed.

    I'm not sure how this is communicated. Possible by junk email containing the link. So users should - as always - be cautious of what emails they choose to open/follow links.

  7. #7
    eviljonny's Avatar
    eviljonny no está en línea Stack level 2
    Join Date
    Aug 2006
    Posts
    73

    Re: BlackBerry Device Browser Link Handling Client-Side Denial of Service Vulnerability

    Upgrade to 4.2 Device software, SP 1? How is that even possible with devices prior to the 8800 and Pearl? I am confused.

  8. #8
    HeywoodJ's Avatar
    HeywoodJ no está en línea Stack level 3
    Join Date
    Sep 2006
    PIN/ID
    pm me
    Posts
    280

    Re: BlackBerry Device Browser Link Handling Client-Side Denial of Service Vulnerability

    ~via BB (wap.pinstack.com)~yea and if 4.2 was available for my 7520 I probably would have installed it by now, as that's the first thing I woud have tryed to see if that software had a better browser. so what should a nextel user on a old device do
    And is this something rim does to make us by a new berry and will this efect units other than the berrys?

  9. #9
    hayden's Avatar
    hayden no está en línea Stack Mod
    Join Date
    Jul 2004
    PIN/ID
    ask
    Posts
    12,440

    Re: BlackBerry Device Browser Link Handling Client-Side Denial of Service Vulnerabili

    Here's more info:

    Michael Kemp (clappymonkey) has discovered a denial of service issue in the BlackBerry Browser. Research In Motion (RIM) has corrected this problem in a current release of the BlackBerry Device Software.
    This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 1.9.
    This article is in reference to US-CERT Advisory VU#282856.

    Impact
    A web site creator with malicious intent may use a Hypertext Markup Language (HTML) or Wireless Markup Language (WML) web page that contains a long string value within the link. If the BlackBerry device user accesses the link using the BlackBerry Browser, a temporary denial of service may occur and the BlackBerry device may stop responding.

    Problem
    A temporary denial of service vulnerability exists in the BlackBerry Browser. The BlackBerry Browser may stop responding when parsing a long web page address.

    Cause
    While in the process of parsing a long web page address, the BlackBerry Browser uses almost all of the BlackBerry device processing capability. This may cause the BlackBerry device to become slow or to stop responding.

    Resolution
    Install BlackBerry Device Software 4.2 Service Pack 1 or later.

    Workaround
    If the BlackBerry Browser or BlackBerry device stops responding, do one of the following:
    • Press the Alt and Escape keys simultaneously to switch to another application on the BlackBerry device.
    • Perform a hard reset of the BlackBerry device.
    • Wait for the BlackBerry device or the BlackBerry Browser to respond. This occurs after a period of time relative to the size of the link that exploited the vulnerability.

  10. #10
    hayden's Avatar
    hayden no está en línea Stack Mod
    Join Date
    Jul 2004
    PIN/ID
    ask
    Posts
    12,440

    Re: BlackBerry Device Browser Link Handling Client-Side Denial of Service Vulnerability

    You can download the 4.2 SP1 here:
    https://www.blackberry.com/Downloads...93E4F3BB068C22

  11. #11
    HotWax's Avatar
    HotWax no está en línea BES Pro
    Join Date
    Jun 2006
    Posts
    146

    Re: BlackBerry Device Browser Link Handling Client-Side Denial of Service Vulnerability

    This look like the Desktop Manager Software and not the Device software?

  12. #12
    hayden's Avatar
    hayden no está en línea Stack Mod
    Join Date
    Jul 2004
    PIN/ID
    ask
    Posts
    12,440

    Re: BlackBerry Device Browser Link Handling Client-Side Denial of Service Vulnerability

    From what I can tell. It's the Desktop Software which applies the fix or setting change (limit to accepted URL length) to the handhelds. This makes sense for RIM to do it this way rather than release patched OS's for every version. Also, in their interest it helps encourage more users to upgrade to 4.2.

    If this can be fixed by DTM for ALL users no matter Device OS version then it's a great example of how larger security threats may be quickly resolved.

  13. #13
    e1nstein's Avatar
    e1nstein no está en línea Stack level 2
    Join Date
    Aug 2006
    PIN/ID
    300D945C
    Posts
    68

    Re: BlackBerry Device Browser Link Handling Client-Side Denial of Service Vulnerability

    Wow this happened years ago with one of the old versions of Internet Explorer. Who would have thought we'd see the same issue arise on another browser

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •