Blackberry Security Notice: Buffer Overflow
Ryan on the Blackberry Users group alerted the group to the recent disclosure by Hexview where sending a "... a standard Microsoft Outlook meeting request message with very long string (over 128K) in the 'Location:' field.." causes the Blackberry to reboot immediately, losing all stored messages. You can read the entire disclosure here, here's an excerpt:
Overview:
=========
RIM Blackberry is a Java-based wireless connectivity solution providing phone, e-mail, and other services on a variety of handheld devices.Affected products:
==================
All tests were performed on a RIM Blackberry 7230 with RIM Blackberry Operating System software version 3.7.1.41. The Blackberry was synchronized with Microsoft Exchange server using Blackberry Enterprise Server for Microsoft Exchange.Cause and Effect:
=================
Insufficient data validation for incoming calendar data makes possible to cause buffer overflow condition leading to stack corruption. As a result, it is possible to reboot the device (all stored messages will be lost since RAM storage will be reinitialized). It is also possible to execute code embedded by the attacker. It should be mentioned that Blackberry developers tools are freely available.
October 13, 2004 in News by ajohnson