BlackBerry Forums Support Community

BlackBerry Forums Support Community (http://www.blackberryforums.com/)
-   General BlackBerry Discussion (http://www.blackberryforums.com/general-blackberry-discussion/)
-   -   RIM Blackberry buffer overflow, DoS, data loss (http://www.blackberryforums.com/general-blackberry-discussion/1344-rim-blackberry-buffer-overflow-dos-data-loss.html)

nx99 10-14-2004 02:32 PM

RIM Blackberry buffer overflow, DoS, data loss
 
Found this over at Engadget.

Quote:

Cause and Effect:
=================
Insufficient data validation for incoming calendar data makes possible
to cause buffer overflow condition leading to stack corruption. As a result,
it is possible to reboot the device (all stored messages will be lost since
RAM storage will be reinitialized). It is also possible to execute code
embedded by the attacker.

Boheme 10-14-2004 02:54 PM

You should read http://www.hexview.com/docs/20041014-1.txt

They are the original source and have corrected their earlier message.

Boheme

Mark Rejhon 10-14-2004 05:49 PM

RIM provided a fix in newer OS. Vulnerability downgraded to MEDIUM.

Original engadget has error. No buffer overflow condition, no loss of data -- just a device reboot because a watchdog timer times out.

There's almost no RAM in a BlackBerry -- messages are stored in flash ROM "on the fly", and messages are not lost during a reboot or battery removable.

JJFate 10-15-2004 10:05 AM

has RIM documented this on their site somewhere? If so, do you have a link?

ScOObydoo 10-15-2004 10:59 AM

You have to wonder what kind of searches these folks do in order to find bugs like this :D

JJFate 10-15-2004 12:21 PM

I guess I should have clarified what I was looking for, Is there documentation on the fix?

JJ

JJFate 10-15-2004 12:24 PM

Found it:
http://www.blackberry.com/knowledgec...3&vernum=0

JJ

sempai 10-15-2004 01:53 PM

Quote:

Originally Posted by ScOObydoo
You have to wonder what kind of searches these folks do in order to find bugs like this :D

Do you really want to know?

I'm a vulnerability researcher by day.

jibi 10-15-2004 02:29 PM

Quote:

Originally Posted by sempai
Quote:

Originally Posted by ScOObydoo
You have to wonder what kind of searches these folks do in order to find bugs like this :D

Do you really want to know?

I'm a vulnerability researcher by day.

actually, i am curious. :)

sempai 10-15-2004 02:46 PM

I haven't done any work with BlackBerry devices other than some forensics to recover data from dead and fried BlackBerry devices.

But there are people that just spend their day finding out new ways to break things in order to make the world a safer place.

As for getting notifications about this, there are tons of people that put this information out, and most people that work in this space aggregate all of it and have to read everything, every single day!

If you wanted to know about security problems with BlackBerry devices and didn't want to deal with everything else, you could probably setup a Google Alert for BlackBerry RIM Vulnerability.

I'm wondering if I am even answering the question the right way.


All times are GMT -5. The time now is 10:16 PM.

Powered by vBulletin® Version 3.6.12
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.