Old 01-23-2006, 01:44 PM   #3
jwcanada

Here is the latest info that I received this morning from our TAM. It appears there are 4 holes, 3 of which have a fix with the HFs in SP3. They are currently working on the fix for the last point.

1. Overview - If you download a JAD file with a long descriptor (>256
characters) the dialogue box isn't properly dismissed. Referenced in
KB-04755:

http://www.blackberry.com/knowledgec...xe/fetch/2000/8021/7925/8142/Support_-_Browser_dialogue_box_not_properly_dismissed_after_downloading_a_corrupt_JAD_file.html?nodeid=1167791



2. Overview - A specially formed PNG file may lead to arbitrary code
execution on the attachment server. Referenced in KB-04756:

http://www.blackberry.com/knowledgec...xe/fetch/2000/8021/728075/728850/728215/Support_-_Corrupt_PNG_file_may_cause_heap_overflow_in_the_Blackberry_Attachment_Service.html?nodeid=1167794




3. Overview - A specially formed TIFF file may cause the
attachment server to crash. The attachment server will automatically
restart. Referenced in KB-04757:


http://www.blackberry.com/knowledgec...xe/fetch/2000/8021/728075/728850/728215/Known_Issues_-_Corrupt_TIFF_file_may_cause_heap_overflow_resulting_in_denial_of_service_in_the_Blackberry_Attachment_Service.html?nodeid=1167895




4. Overview - A malformed packet sent to the BlackBerry Router can cause
it to crash creating a denial of service. Referenced in KB-04758:


http://www.blackberry.com/knowledgec...xe/fetch/2000/8021/728075/728850/728215/Known_Issues_-_Denial_of_service_on_the_BlackBerry_Router.html?nodeid=1167898


The first three points above have been addressed in SP3 Hotfixes. Please
visit http://www.blackberry.com/support/do...ot_fixes.shtml to see
the release notes.

The fourth point above refers to the possible "denial of service"
attacks to the BlackBerry Router. This is the only fix that we're still
working on, and a fix should be along soon. It is important to note
that this possible attack must come from inside your environment, since
port 3101 (if configured as per our installation requirements) does NOT
allow any inbound connections.