[ISN] BlackBerry squeezed by DoS security bugs

From: InfoSec News (isn@private)
Date: Mon Jan 09 2006 - 01:36:24 PST


By John Leyden
4th January 2006 

Research In Motion (RIM) has warned of a trio of vulnerabilities in
its popular BlackBerry software that create a means for hackers to
launch denial of service attacks. Patches are available to defend
against only one of the vulnerabilities, but RIM has issued advice on
how to guard against attack from the other two.

The most serious unfixed risk stems from a flaw in processing Server
Routing Protocol (SRP) packets. This security bug creates a possible
means to disrupt communication between BlackBerry Enterprise Server
and BlackBerry Router, potentially disrupting service. A separate
unpatched security bug in the handling of malformed TIFF image
attachments creates a means for a remote hacker to launch denial of
service attacks against the BlackBerry Attachment Service, providing
an internal user is duped into viewing malicious files on a BlackBerry

The vulnerabilities have been reported in BlackBerry Enterprise Server
4.0 as well as later versions. Domino, Exchange and Novell GroupWise
versions of the platform are all affected. To exploit the first
vulnerability, a hacker needs to be able to connect to the
BlackBerry Server or Router via port 3101/TCP. Shielding BlackBerry
servers behind a firewall ought to thwart these attacks. Additionally,
RIM advises users to exclude the processing of TIFF images as a
workaround against the second threat, pending the availability of a
more complete fix.

A third security bug - for which a fix has been made available - sees
a BlackBerry handheld web browser vulnerable to a denial of service
via a specially crafted Java Application Description (JAD) file. Users
are advised to install BlackBerry device software version 4.0.2 or
later to guard against attack.

Details of the vulnerabilities were outlined by FX of the Phenoelit
group during a presentation at the 22nd Chaos Communication Congress
in Berlin last week. US CERT has produced an overview of the
vulnerabilities.

In a statement, RIM said that it had "already developed software fixes
for the issues identified by FX and, although there have been no
customer reports of any actual problems, RIM has also provided
temporary precautionary measures that can be taken in the meantime
until customers are able to implement the software updates". 


This archive was generated by hypermail 2.1.3 : Mon Jan 09 2006 - 02:08:35 PST