Bugtraq mailing list archives
RIM BlackBerry Pearl 8100 Browser DoS
From: clappymonkey () gmail com
Date: 12 Mar 2007 11:40:14 -0000
RIM BlackBerry Pearl 8100 Browser DoS ------ 12 March 2007 Summary: A vulnerability has been discovered that could impact upon the availability of the BlackBerry 8100 Wireless handheld (v4.2.0.51). It is possible for a remote attacker to construct a WML page that contains an overly long string value within a link (e.g.: <a href = "aaaaaaaaaaaaaaaaaaa etc.>). Should the page or link be accessed by BlackBerry devices, this leads to a temporary Denial of Service within the 4thPass browser component on the device, and temporary device inoperability. Normal functionality will be returned to the browser / device after an amount of time relative to the size of the link supplied, or by physically removing and reinserting the battery thereby creating a reset. Business Impact: Exploitation of this issue can lead to a loss of device functionality. Affected Product(s): The BlackBerry 8100 (Pearl) handheld device (v4.2.0.51) Remediation: Upgrade to vendor patch 4.2.1 Additional details of this vulnerability are available from the vendor at www.blackberry.com/security/news.jsp Credit: Michael Kemp (www.clappymonkey.com)
Current thread:
- RIM BlackBerry Pearl 8100 Browser DoS clappymonkey (Mar 12)
- <Possible follow-ups>
- Re: RIM BlackBerry Pearl 8100 Browser DoS anon (Mar 13)
- Re: Re: RIM BlackBerry Pearl 8100 Browser DoS clappymonkey (Mar 13)