Penetration Testing mailing list archives
RE: Blackberries.
From: "Jablonski, Andy" <ajablonski () csuchico edu>
Date: Fri, 6 Jan 2006 13:39:10 -0800
I just saw this on the SANS mailing list. Hope it helps:

--BlackBerry Acknowledges Security Flaws (5/4 January 2006)

BlackBerry maker Research in Motion (RIM) has acknowledged three vulnerabilities in the Blackberry software. A fix for one of the vulnerabilities is available. BlackBerry has provided information on how to protect devices from attacks via the other two. The most serious of the vulnerabilities involved a "flaw in processing Server Routing Protocol (SRP) packets." Another flaw lies in the way maliciously crafted TIFF image attachments are handled. Having BlackBerry servers behind a firewall should protect users from being attacked via the SRP flaw. A third vulnerability, which has been fixed in BlackBerry device software 4.0.2 and later, could have allowed denial-of-service attacks through maliciously crafted Java Application Description (JAD) files.

http://www.theregister.co.uk/2006/01/04/blackberry_security_bugs/print.html
http://www.out-law.com/page-6509
http://www.net-security.org/article.php?id=887

US CERT Vulnerability Notes:
http://www.kb.cert.org/vuls/byid%3fsearchview%26query=rim_blackberry_fx_dec_2006

http://www.computerworld.com/printthis/2006/0,4814,107447,00.html
http://hardware.silicon.com/pdas/0,39024643,39155326,00.htm
http://www.eweek.com/print_article2/0,1217,a=168379,00.asp

-----Original Message-----
From: xyberpix [mailto:xyberpix () xyberpix com]
Sent: Thursday, January 05, 2006 1:38 PM
To: nfanelli () empire edu
Cc: pen-test () securityfocus com
Subject: Re: Blackberries.

I'm not too sure which version/devices were affected but there were some BO's found on some Blackberry devices a while back. Do a quick google for Blackberry exploits and they'll turn up.

HTH
xyberpix

On 27 Dec 2005, at 20:08, nfanelli () empire edu wrote:
Good Afternoon,

A client of mine has several dozen blackberry devices (all model# 7310e). I'm looking for ways to exploit any vulnerabilities on services/features. Obviously bluetooth comes to mind along with the Blackberry IM service, but are there any others? And how concerned should I be? The client has a blackberry server on the trusted network to forward all emails.

Thanks for your help.

Nicholas Fanelli
Blog: http://xyberpix.blogspot.com
Current thread:
- Re: Blackberries. xyberpix (Jan 05)
- Re: Blackberries. Demetrio Carrión (Jan 06)
- <Possible follow-ups>
- RE: Blackberries. Jablonski, Andy (Jan 06)