- BlackBerry® 7270 smartphone
- BlackBerry® Device Software 4.0 Service Pack 1 Bundle 83 and earlier
This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 2.3 (Moderate).
Vulnerabilities exist in the Session Initiation Protocol (SIP) implemented on a BlackBerry 7270 smartphone running BlackBerry Device Software 4.0 Service Pack 1 Bundle 83 and earlier. If these vulnerabilities are exploited by a person with malicious intent, a Denial of Service (DoS) may occur in the Phone application, but this will not affect the other capabilities of the BlackBerry 7270 smartphone. This does not affect any other BlackBerry device.
Note: Exploiting these vulnerabilities requires access to a private branch exchange (PBX) from within an enterprise network.
A BlackBerry 7270 smartphone receives a malformed SIP INVITE message. The following problems occur on the BlackBerry smartphone:
- The BlackBerry smartphone user cannot make a call using the Phone application.
- The BlackBerry smartphone may ring when it initially receives the malformed message, but does not receive incoming calls afterward (i.e. the BlackBerry smartphone does not ring or display any indication of incoming calls).
A DoS may occur in the Phone application of the BlackBerry 7270 smartphone.
A person with malicious intent sends the BlackBerry 7270 smartphone a malformed SIP INVITE message whose Contact header contains a Uniform Resource Identifier (URI) with a user name but no host name. As a result, format string vulnerabilities on the BlackBerry smartphone may prevent the BlackBerry smartphone user from making a call using the Phone application on the BlackBerry 7270 smartphone.
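The following is an added example, not code from the advisory or from RIM: a check that a SIP proxy, PBX or intrusion detection sensor could apply before forwarding an INVITE to an endpoint, flagging a Contact header whose URI carries a user part but no host. The advisory does not give the exact malformed bytes, so the constructed sample message below uses an empty host (`sip:alice@`); all message content, addresses and names are assumptions.

```python
import re
# Added example (not from the advisory): validate Contact URIs in a SIP
# INVITE so that a URI with a user part but no host is rejected or logged
# before it reaches an endpoint. The advisory gives no exact bytes; the
# constructed malformed sample below uses an empty host ("sip:alice@").

CONTACT_NAMES = ("contact", "m")  # RFC 3261 long and compact header names
HOST_RE = re.compile(
    r"^(?:\[[0-9a-f:.]+\]"                        # IPv6 reference
    r"|(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)*"    # hostname / IPv4 labels
    r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.?)$", re.IGNORECASE)

def parse_headers(message: str) -> list[tuple[str, str]]:
    """Split a SIP request into (name, value) pairs; the body is ignored."""
    head = message.replace("\r\n", "\n").split("\n\n", 1)[0]
    return [tuple(p.strip() for p in ln.split(":", 1))
            for ln in head.split("\n")[1:] if ":" in ln]  # [1:] skips request line

def contact_uri(value: str) -> str:
    """Return the bare URI from a Contact value, with or without <...>."""
    m = re.search(r"<([^>]*)>", value)
    return (m.group(1) if m else value.split(";", 1)[0]).strip()

def uri_has_host(uri: str) -> bool:
    """True only if a sip:/sips: URI names a non-empty, well-formed host."""
    m = re.match(r"^(?:sip|sips):([^;?]*)", uri, re.IGNORECASE)
    if not m:
        return False
    hostport = m.group(1).rsplit("@", 1)[-1]     # drop userinfo if present
    host = (hostport.split("]", 1)[0] + "]" if hostport.startswith("[")
            else hostport.split(":", 1)[0])      # strip :port
    return bool(host) and HOST_RE.match(host) is not None

def check_invite(message: str) -> list[str]:
    """Findings for every Contact header lacking a host; empty list = clean."""
    findings = []
    for name, value in parse_headers(message):
        uri = contact_uri(value)
        if name.lower() in CONTACT_NAMES and not uri_has_host(uri):
            findings.append(f"Contact URI without host: {uri!r}")
    return findings

# Constructed sample messages (not captured traffic); hosts are assumptions.
GOOD_INVITE = (
    "INVITE sip:7270@pbx.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP pbx.example.com:5060;branch=z9hG4bK776\r\n"
    "From: <sip:alice@pbx.example.com>;tag=1928\r\nTo: <sip:7270@pbx.example.com>\r\n"
    "Call-ID: a84b4c76e66710\r\nCSeq: 1 INVITE\r\n"
    "Contact: \"Alice\" <sip:alice@10.0.0.5:5060;transport=udp>\r\n"
    "Content-Length: 0\r\n\r\n")
BAD_INVITE = GOOD_INVITE.replace("<sip:alice@10.0.0.5:5060;transport=udp>", "<sip:alice@>")
```

Following RFC 3261, a bare token with no `@` (such as `sip:pbx.example.com`) is read as a host name, so only an absent or malformed host component is flagged.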
Upgrade to BlackBerry Device Software 4.0 Service Pack 1 Bundle 108 or later.
Reset the Phone application by performing a hard reset of the BlackBerry smartphone. For instructions, see KB02141.
CVSS is a vendor-agnostic, industry open standard designed to convey the severity of vulnerabilities. CVSS scores may be used to determine the urgency for update deployment within an organization. CVSS scores range from 0.0 (no vulnerability) to 10.0 (critical). RIM uses CVSS for vulnerability assessments to present an immutable characterization of security issues. RIM assigns all relevant security issues a non-zero score.
Visit www.blackberry.com/security for more information on BlackBerry security.