BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 10-15-2004, 02:31 PM   #1 (permalink)
CrackBerry Addict
 
ScOObydoo's Avatar
 
Join Date: Aug 2004
Model: Curve
Carrier: tmo
Posts: 829
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default [2004-10-15] RIM Refutes BlackBerry Buffer Overflow Claim

Please Login to Remove!

Quote:
Call it a case of dueling, nuanced, advisories. Research in Motion (Quote, Chart) has challenged a risk advisory from security firm HexView that it put out this week about RIM's popular Blackberry handheld device, which prompted a new advisory from HexView.

The HexView advisory on Tuesday claimed that the RIM Blackberry could potentially suffer data loss and be at risk of a denial of service attack (define) as the result of a buffer overflow and other vulnerabilities. It also said the issue could "easily be reproduced" by sending a long string (over 128K) meeting request via Microsoft Outlook.

"The Blackberry reboots when it tries to notify the user," HexView's original advisory said. "No user action is required. It is possible to render Blackberry device completely useless by queuing a number of such messages into user's mailbox."

RIM took a look and then followed up with its own advisory.

RIM's analysis said any buffer overflow, stack corruption, data loss and malicious code penetration risk claimed in the HexView advisory are incorrect. "As of this time, Research In Motion has not received any customer reports of this issue being exploited in practice."

RIM did concede that part of HexView's advisory was correct, but that the bug only affects version 3.7 of its software and has already been corrected in BlackBerry handheld software version 3.8 and later.
http://www.internetnews.com/security...le.php/3422381
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.