[Dshield] FW: [HV-HIGH] RIM Blackberry buffer overflow, DoS, data loss
securityguy at dslextreme.com
Wed Oct 13 18:17:42 GMT 2004
In light of my recent questions concerning Blackberry devices, I thought the
list would be interested in this from bugtraq.
From: vuln at hexview.com [mailto:vuln at hexview.com]
Sent: Tuesday, October 12, 2004 09:41 PM
To: full-disclosure at lists.netsys.com
Cc: bugtraq at securityfocus.com
Subject: [HV-HIGH] RIM Blackberry buffer overflow, DoS, data loss
-----BEGIN PGP SIGNED MESSAGE-----
RIM Blackberry buffer overflow, DoS, data loss
RIM Blackberry is a Java-based wireless connectivity solution providing
phone, e-mail, and other services on a variety of handheld devices.
All tests were performed on a RIM Blackberry 7230 with RIM Blackberry
Operating System software version 220.127.116.11. The Blackberry was synchronized
with Microsoft Exchange server using Blackberry Enterprise Server for
Cause and Effect:
Insufficient data validation for incoming calendar data makes possible to
cause buffer overflow condition leading to stack corruption. As a result, it
is possible to reboot the device (all stored messages will be lost since RAM
storage will be reinitialized). It is also possible to execute code embedded
by the attacker. It should be mentioned that Blackberry developers tools are
The issue can easily be reproduced by sending a standard Microsoft Outlook
meeting request message with very long string (over 128K) in the "Location:"
field. To force immediate user notification, set meeting date/time to the
past. The Blackberry reboots when it tries to notify the user. No user
action is required. It is possible to render Blackberry device completely
useless by queuing a number of such messages into user's mailbox.
At the time of release vendor was not aware of the vulnerability.
HexView does not notify vendors unless there is a prior agreement to do so.
Vendors interested in receiving notifications prior to public disclosure or
more detailed analysis may obtain more information by writing to the e-mail
address provided at the end of the document.
HexView contributes to online security-related lists for almost a decade.
The scope of our expertize spreads over Windows, Linux, Sun, MacOS
platforms, network applications, and embedded devices. The chances are you
read our advisories or disclosures. For more information visit
This document may be freely distributed through any channels as long as the
contents are kept unmodified. Commercial use of the information in the
document is not allowed without written permission from HexView signed by
our pgp key.
Feedback and comments:
Feedback and questions about this disclosure are welcome at
vtalk at hexview.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the list