BlackBerry Forums Support Community

10-15-2004, 01:31 PM   #1
ScOObydoo
[2004-10-15] RIM Refutes BlackBerry Buffer Overflow Claim

Call it a case of dueling, nuanced advisories. Research in Motion has challenged a risk advisory from security firm HexView that it put out this week about RIM's popular BlackBerry handheld device, which prompted a new advisory from HexView.

The HexView advisory on Tuesday claimed that the RIM BlackBerry could potentially suffer data loss and be at risk of a denial of service attack as the result of a buffer overflow and other vulnerabilities. It also said the issue could "easily be reproduced" by sending a long string (over 128K) meeting request via Microsoft Outlook.

"The Blackberry reboots when it tries to notify the user," HexView's original advisory said. "No user action is required. It is possible to render Blackberry device completely useless by queuing a number of such messages into user's mailbox."

RIM took a look and then followed up with its own advisory.

RIM's analysis said the buffer overflow, stack corruption, data loss and malicious code penetration risks claimed in the HexView advisory are incorrect. "As of this time, Research In Motion has not received any customer reports of this issue being exploited in practice."

RIM did concede that part of HexView's advisory was correct, but that the bug only affects version 3.7 of its software and has already been corrected in BlackBerry handheld software version 3.8 and later.