Research In Motion Blackberry远程服务拒绝漏洞

漏洞信息详情

Research In Motion Blackberry远程服务拒绝漏洞

• CNNVD编号：CNNVD-200410-012
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2004-1597
  
• 漏洞类型：
  
  
  其他
  
• 发布时间：
  
  2004-10-13
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-08-23
  
• 厂        商：
  
  rim
• 漏洞来源：
  The individual res…

运行RIM Blackberry OS 3.7 SP1版本的RIM Blackberry 7230存在漏洞。远程攻击者可以借助带有超长Location 字段的日历信息导致服务拒绝（设备重启或可能数据破坏），在信息储存时引起watchdog。

The vendor has reported that this issue has been addressed in version 3.8 and 4.0 of the handheld software.
Additionally, the vendor has released server level updates:
BlackBerry Enterprise Server 4.0
BlackBerry Enterprise Server 3.6 Service Pack 4 Hot Fix #1 for Microsoft Exchange
BlackBerry Enterprise Server for IBM Lotus Domino version 2.2 Service Pack 4 Hot Fix #1
These updates will prevent the servers from delivering malicious meeting request messages to the handheld devices.

来源: XF
名称: blackberry-calendar-bo(17700)
链接:http://xforce.iss.net/xforce/xfdb/17700

来源: BID
名称: 11389
链接:http://www.securityfocus.com/bid/11389

来源: www.blackberry.com
链接:http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/7925/8142/Known_%20Issues_-_HexView_advisory_on_BlackBerry_buffer_overflow,_DoS,_and_data_loss.html?nodeid=737173&vernum=0

来源: SECUNIA
名称: 12814
链接:http://secunia.com/advisories/12814

来源: www.hexview.com
链接:http://www.hexview.com/docs/20041012-1.txt

来源: BUGTRAQ
名称: 20041014 [HV-MED] UPDATE: RIM Blackberry DoS, data loss
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=109778267829493&w=2

来源: BUGTRAQ
名称: 20041013 [HV-HIGH] RIM Blackberry buffer overflow, DoS, data loss
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=109769022430842&w=2

来源: FULLDISC
名称: 20041012 [HV-HIGH] RIM Blackberry buffer overflow, DoS, data loss
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027487.html