Found this over at Engadget.

Quote:

Cause and Effect:
=================
Insufficient data validation for incoming calendar data makes possible
to cause buffer overflow condition leading to stack corruption. As a result,
it is possible to reboot the device (all stored messages will be lost since
RAM storage will be reinitialized). It is also possible to execute code
embedded by the attacker.

You should read http://www.hexview.com/docs/20041014-1.txt

They are the original source and have corrected their earlier message.

Boheme

RIM provided a fix in newer OS. Vulnerability downgraded to MEDIUM.

Original engadget has error. No buffer overflow condition, no loss of data -- just a device reboot because a watchdog timer times out.

There's almost no RAM in a BlackBerry -- messages are stored in flash ROM "on the fly", and messages are not lost during a reboot or battery removable.

has RIM documented this on their site somewhere? If so, do you have a link?

You have to wonder what kind of searches these folks do in order to find bugs like this :D

I guess I should have clarified what I was looking for, Is there documentation on the fix?

JJ

Found it:
http://www.blackberry.com/knowledgec...3&vernum=0

JJ

Do you really want to know?

I'm a vulnerability researcher by day.

actually, i am curious.

I haven't done any work with BlackBerry devices other than some forensics to recover data from dead and fried BlackBerry devices.

But there are people that just spend their day finding out new ways to break things in order to make the world a safer place.

As for getting notifications about this, there are tons of people that put this information out, and most people that work in this space aggregate all of it and have to read everything, every single day!

If you wanted to know about security problems with BlackBerry devices and didn't want to deal with everything else, you could probably setup a Google Alert for BlackBerry RIM Vulnerability.

I'm wondering if I am even answering the question the right way.