Credit:
Vulnerable Systems:
* BlackBerry Desktop Software 4.7 (PC OS)
* BlackBerry Desktop Software 5.0 (PC OS)
* BlackBerry Desktop Software 6.0 (PC OS)
* BlackBerry Desktop Software 1.0 (Mac OS)
Immune Systems:
* BlackBerry Device Software
* BlackBerry Enterprise Software
* BlackBerry Internet Service
* BlackBerry Desktop Software versions earlier than 4.7 (PC OS)
Successful exploitation of the issue in the affected versions of the BlackBerry Desktop Software requires the following steps:
1. The BlackBerry Desktop Software user encrypts the backup file with a weak password that is susceptible to brute-force attacks. Note that the encryption key generation process adds a random value to the password the user chooses, to improve the strength of the password before generating the encryption key.
2. The malicious user must be able to gain access to the backup file.
3. The malicious user would need to rely on repeated attempts to determine the password to decrypt the backup file.
Vendor Status:
BlackBerry has issued an update for this vulnerability.
Patch Availability:
http://btsc.webapps.blackberry.com/btsc/viewdocument.do?externalId=KB24764&sliceId=2&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl
CVE Information:
CVE-2010-2603