SIP INVITE URI user name format string vulnerability in the BlackBerry 7270 smartphone

Article ID: KB12707

Type:   Security Advisory

First Published: 03-27-07

Last Modified: 09-02-2010

 

Product(s) Affected:

  • BlackBerry 7200 Series
Collapse Products
ExpandAffected Software
  • BlackBerry® 7270 smartphone
  • BlackBerry® Device Software 4.0 Service Pack 1 Bundle 83 and earlier
ExpandAre BlackBerry smartphones and the BlackBerry Device Software affected?

Yes.

CollapseIssue Severity

This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 2.3 (Moderate).

CollapseOverview

Vulnerabilities exist in the Session Initiation Protocol (SIP) implemented on a BlackBerry 7270 smartphone running BlackBerry Device Software 4.0 Service Pack 1 Bundle 83 and earlier. If these vulnerabilities are exploited by a person with malicious intent, a Denial of Service (DoS) may occur in the Phone application, but this will not affect the other capabilities of the BlackBerry 7270 smartphone. This does not affect any other BlackBerry device.

Note: Exploiting these vulnerabilities requires access to a private branch exchange (PBX) from within an enterprise network.

ExpandRecommendation
Complete the resolution actions documented in this advisory.
ExpandReferences

This issue is being tracked by US-CERT as VU#619465.

For more information on SIP vulnerabilities, see KB12700 and KB12705.

CollapseProblem

A BlackBerry 7270 smartphone receives a malformed SIP INVITE message. The following problems occur on the BlackBerry smartphone:

  • The BlackBerry smartphone user cannot make a call using the Phone application.
  • The BlackBerry smartphone may ring when it initially receives the malformed message, but does not receive incoming calls afterward (i.e. the BlackBerry smartphone does not ring or display any indication of incoming calls).
ExpandImpact

A DoS may occur in the Phone application of the BlackBerry 7270 smartphone.

A person with malicious intent sends a malformed SIP INVITE message that includes a Uniform Resource Identifier (URI) with a user name, but no host name in the Contact header to the BlackBerry 7270 smartphone. As a result, format string vulnerabilities on the BlackBerry smartphone may prevent the BlackBerry smartphone user from making a call using the Phone application on the BlackBerry 7270 smartphone.

CollapseResolution

Upgrade to BlackBerry Device Software 4.0 Service Pack 1 Bundle 108 or later.

CollapseWorkaround

Reset the Phone application by performing a hard reset of the BlackBerry smartphone. For instructions, see KB02141.

CollapseAdditional Information

CVSS

CVSS is a vendor agnostic, industry open standard designed to convey the severity of vulnerabilities. CVSS scores may be used to determine the urgency for update deployment within an organization. CVSS scores range from 0.0 (no vulnerability) to 10.0 (critical). RIM uses CVSS for vulnerability assessments to present an immutable characterization of security issues. RIM assigns all relevant security issues a non-zero score.

BlackBerry Security

Visit www.blackberry.com/security for more information on BlackBerry security.

CollapseAcknowledgements
This vulnerability was discovered by Sipera VIPER Lab, which assisted Research In Motion (RIM) in identifying the cause of the issue.
CollapseChange Log

09-02-10

Updates to article formatting. No technical content changed.

12-09-08

Update due to a system upgrade that did not affect article content.

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.