Credit:
The information has been provided by Sipera.
Vulnerable Systems:
* BlackBerry 7270 smartphone
* BlackBerry Device Software 4.0 Service Pack 1 Bundle 83 and earlier
A Denial of Service may occur in the Phone application of the BlackBerry 7270 smartphone.
The condition is triggered by a malformed SIP INVITE message sent to the BlackBerry 7270 smartphone that carries a large number of format string parameters in its From field and a source IP address spoofed as the IP address of the SIP INVITE message. The message is designed to overload the function stack frame. As a result, format string vulnerabilities may prevent the BlackBerry smartphone user from making a call using the Phone application.
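
A defensive check for the condition described above, as an added example that is not part of the Sipera or BlackBerry advisory: it extracts the From header of a SIP INVITE and counts printf-style conversion specifiers, so a SIP proxy or IDS can alert on or drop such messages. The function names, the zero-specifier limit and both sample messages are assumptions constructed for illustration.

```python
import re

# printf-style conversion specifier (flags, width, precision, length, conversion).
FMT_SPEC = re.compile(
    r"%(?:\d+\$)?[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l|L|z|j|t)?[diouxXeEfgGcspn]"
)
# Legitimate percent-escapes in SIP URIs (RFC 3261), e.g. %20; dropped before scanning.
URI_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")


def from_header(raw: str):
    """Return the value of the From header ("From" or compact "f"), or None."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    # Unfold continuation lines (a header line that starts with space or tab).
    head = re.sub(r"\n[ \t]+", " ", head)
    for line in head.split("\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in ("from", "f"):
            return value.strip()
    return None


def count_format_specs(value: str) -> int:
    """Count printf-style specifiers left after removing URI percent-escapes."""
    return len(FMT_SPEC.findall(URI_ESCAPE.sub("", value)))


def check_invite(raw: str, limit: int = 0) -> bool:
    """True if raw is an INVITE whose From header has more than `limit` specifiers."""
    if not raw.startswith("INVITE "):
        return False
    value = from_header(raw)
    return value is not None and count_format_specs(value) > limit


# Constructed sample messages (documentation addresses, not captured traffic).
BENIGN = (
    "INVITE sip:bob@192.0.2.10 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.20:5060\r\n"
    'From: "Alice%20A" <sip:alice%20a@example.com>;tag=1\r\n'
    "To: <sip:bob@192.0.2.10>\r\n\r\n"
)
MALFORMED = BENIGN.replace('"Alice%20A"', '"%s%s%s%s%s%s%s%s"')

if __name__ == "__main__":
    for label, msg in (("benign", BENIGN), ("malformed", MALFORMED)):
        print(label, count_format_specs(from_header(msg)), check_invite(msg))
```

Stripping URI percent-escapes first keeps names such as `alice%20a` from being flagged, at the cost of missing a specifier that happens to look like a two-digit hex escape; treat the result as a heuristic alongside the vendor update.
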
Vendor Status:
BlackBerry has issued a security update for this vulnerability.
Patch Availability:
http://btsc.webapps.blackberry.com/btsc/viewdocument.do?noCount=true&externalId=KB12700&sliceId=1&cmd=displayKC&docType=kc&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl
CVE Information:
CVE-2007-3444