[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] RIM BlackBerry Pearl 8100 Browser DoS

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] RIM BlackBerry Pearl 8100 Browser DoS
From: "mike kemp" <clappymonkey@xxxxxxxxx>
Date: Mon, 12 Mar 2007 10:39:23 +0000

RIM BlackBerry Pearl 8100 Browser DoS
------

12 March 2007

Summary:
A vulnerability has been discovered that could impact upon the availability
of the BlackBerry 8100 Wireless handheld (v4.2.0.51). It is possible for a
remote attacker to construct a WML page that contains an overly long string
value within a link (e.g.: <a href = "aaaaaaaaaaaaaaaaaaa etc.>). Should the
page or link be accessed by BlackBerry devices, this leads to a temporary
Denial of Service within the 4thPass browser component on the device, and
temporary device inoperability. Normal functionality will be returned to the
browser / device after an amount of time relative to the size of the link
supplied, or by physically removing and reinserting the battery thereby
creating a reset.

Business Impact:
Exploitation of this issue can lead to a loss of device functionality.

Affected Product(s):
The BlackBerry 8100 (Pearl) handheld device (v4.2.0.51)

Remediation:
Upgrade to vendor patch 4.2.1

Additional details of this vulnerability are available from the vendor at
www.blackberry.com/security/news.jsp

Credit:
Michael Kemp (www.clappymonkey.com)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] Iframe-Cash/Iframe-Dollars Adware bundle...oooh... my ....god..
Next by Date: Re: [Full-disclosure] firefox 2.0.0.2 crash
Previous by thread: Re: [Full-disclosure] Iframe-Cash/Iframe-Dollars Adware bundle...oooh... my ....god..
Next by thread: [Full-disclosure] Call for Papers: DeepSec IDSC 2007 Europe/Vienna: 20-23 Nov 2007
Index(es):
- Date
- Thread