Advisory ID : FrSIRT/ADV-2007-0945
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-03-14
A vulnerability has been identified in various BlackBerry devices, which could be exploited by remote attackers to cause a denial of service. This issue is due to an error in the BlackBerry browser that fails to properly handle overly long URLs, which could be exploited by attackers to cause a vulnerable device to become slow or to stop responding by tricking a user into following a specially crafted link.
BlackBerry Device Software version 4.2 and prior
Upgrade to BlackBerry Device Software 4.2 Service Pack 1 :
Vulnerability reported by Michael Kemp
2007-03-13 : Initial release
~via BB (wap.pinstack.com)~Thanks Hayden!
~via BB (wap.pinstack.com)~
Wow, thanks for the info, Hayden! I'll check it out!
Thanks for the heads up, hopefully the 4.2 software that is said to be headed for the 8700 will already have this solution installed.
Build a man a fire and he shall be warm for the night. Catch a man on fire and he shall be warm for the rest of his life!
Hayden, do you know if this is similar to the BBProxy malware alert that came out a few months ago? Thanks!
No. BBproxy attacked networks via corporate BlackBerry handhelds connected to BES.
This latest exploit only attacks the handheld and does not access BES or devices (unless by email). It slows or freezes the BlackBerry's OS by fooling it with an overly long URL. It poses NO security breach to the handheld's content (emails, address book etc.) and no risk of damaging the device permanently.
However, if your BB is affected: apart from the patch, try to restart without the SIM and disable data service till the updated OS is installed.
I'm not sure how this is communicated. Possibly by junk email containing the link. So users should - as always - be cautious about which emails they choose to open and which links they follow.
Upgrade to 4.2 Device software, SP 1? How is that even possible with devices prior to the 8800 and Pearl? I am confused.
~via BB (wap.pinstack.com)~Yeah, and if 4.2 was available for my 7520 I probably would have installed it by now, as that's the first thing I would have tried to see if that software had a better browser. So what should a Nextel user on an old device do?
And is this something RIM does to make us buy a new berry, and will this affect units other than the berrys?
Here's more info:
Michael Kemp (clappymonkey) has discovered a denial of service issue in the BlackBerry Browser. Research In Motion (RIM) has corrected this problem in a current release of the BlackBerry Device Software.
This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 1.9.
This article is in reference to US-CERT Advisory VU#282856.
A web site creator with malicious intent may use a Hypertext Markup Language (HTML) or Wireless Markup Language (WML) web page that contains a long string value within the link. If the BlackBerry device user accesses the link using the BlackBerry Browser, a temporary denial of service may occur and the BlackBerry device may stop responding.
A temporary denial of service vulnerability exists in the BlackBerry Browser. The BlackBerry Browser may stop responding when parsing a long web page address.
While in the process of parsing a long web page address, the BlackBerry Browser uses almost all of the BlackBerry device processing capability. This may cause the BlackBerry device to become slow or to stop responding.
Install BlackBerry Device Software 4.2 Service Pack 1 or later.
If the BlackBerry Browser or BlackBerry device stops responding, do one of the following:
- Press the Alt and Escape keys simultaneously to switch to another application on the BlackBerry device.
- Perform a hard reset of the BlackBerry device.
- Wait for the BlackBerry device or the BlackBerry Browser to respond. This occurs after a period of time relative to the size of the link that exploited the vulnerability.
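As an added example (not part of the RIM article or of any post in this thread), a proxy or mail gateway could check for the condition described above by scanning HTML or WML markup for link targets longer than a policy limit. The limit, the tag/attribute list and all names here are assumptions; the advisory states no length threshold.

```python
from html.parser import HTMLParser

# Assumed policy limit: the advisory gives no length, so tune this value
# for the devices being protected.
MAX_URL_LEN = 2048

# Tag/attribute pairs that carry a link target in HTML and WML (assumed list).
LINK_ATTRS = {
    ("a", "href"), ("area", "href"), ("link", "href"),
    ("go", "href"),  # WML <go href="..."/> inside <anchor>
    ("img", "src"), ("form", "action"),
}


class LongLinkScanner(HTMLParser):
    """Records link targets longer than `limit` in HTML or WML markup."""

    def __init__(self, limit=MAX_URL_LEN):
        super().__init__(convert_charrefs=True)
        self.limit = limit
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names and also routes
        # self-closing tags (<go .../>) through this handler.
        for name, value in attrs:
            if value and (tag, name) in LINK_ATTRS and len(value) > self.limit:
                self.findings.append({"tag": tag, "attr": name,
                                      "length": len(value),
                                      "line": self.getpos()[0]})


def scan_markup(markup, limit=MAX_URL_LEN):
    """Return one finding per over-long link target in `markup`."""
    scanner = LongLinkScanner(limit)
    scanner.feed(markup)
    scanner.close()
    return scanner.findings


# Constructed sample deck: one ordinary link and one padded link.
SAMPLE_WML = """<wml><card id="c1">
<p><a href="http://example.invalid/news">News</a></p>
<p><anchor>More<go href="http://example.invalid/?q={pad}"/></anchor></p>
</card></wml>""".format(pad="x" * 80)

if __name__ == "__main__":
    # A small limit is used only so the short constructed sample trips it.
    for finding in scan_markup(SAMPLE_WML, limit=64):
        print(finding)
```

A gateway would typically strip or rewrite a flagged link, or quarantine the message, before it reaches the handheld.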
This looks like the Desktop Manager Software and not the Device software?
From what I can tell, it's the Desktop Software which applies the fix or setting change (limit to accepted URL length) to the handhelds. This makes sense for RIM to do it this way rather than release patched OS's for every version. Also, in their interest, it helps encourage more users to upgrade to 4.2.
If this can be fixed by DTM for ALL users no matter Device OS version then it's a great example of how larger security threats may be quickly resolved.
Wow, this happened years ago with one of the old versions of Internet Explorer. Who would have thought we'd see the same issue arise on another browser?