Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Blackberries.

From: "Jablonski, Andy" <ajablonski () csuchico edu>
Date: Fri, 6 Jan 2006 13:39:10 -0800
I just saw this on the SANS mailing list. Hope it helps:

--BlackBerry Acknowledges Security Flaws 
(5/4 January 2006)
BlackBerry maker Research in Motion (RIM) has acknowledged three
vulnerabilities in the Blackberry software.  A fix for one of the
vulnerabilities is available.  BlackBerry has provided information on
how to protect devices from attacks via the other two.  The most serious
of the vulnerabilities involved a "flaw in processing Server Routing
Protocol (SRP) packets."  Another flaw lies in the way maliciously
crafted TIFF image attachments are handled.  Having BlackBerry servers
behind a firewall should protect users from being attacked via the SRP
flaw.  A third vulnerability, which has been fixed in BlackBerry device
software 4.0.2 and later, could have allowed denial-of-service attacks
through maliciously crafted Java Application Description (JAD) files.
http://www.theregister.co.uk/2006/01/04/blackberry_security_bugs/print.h
tml
http://www.out-law.com/page-6509
http://www.net-security.org/article.php?id=887
US CERT Vulnerability Notes:
http://www.kb.cert.org/vuls/byid%3fsearchview%26query=rim_blackberry_fx_
dec_2006
http://www.computerworld.com/printthis/2006/0,4814,107447,00.html
http://hardware.silicon.com/pdas/0,39024643,39155326,00.htm  
http://www.eweek.com/print_article2/0,1217,a=168379,00.asp


-----Original Message-----
From: xyberpix [mailto:xyberpix () xyberpix com] 
Sent: Thursday, January 05, 2006 1:38 PM
To: nfanelli () empire edu
Cc: pen-test () securityfocus com
Subject: Re: Blackberries.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm not too sure which version/devices were affected but there were  
some BO's found on some Blackberry devices a while back. Do a quick  
google for Blackberry exploits and they'll turn up.

HTH

xyberpix

On 27 Dec 2005, at 20:08, nfanelli () empire edu wrote:


Good Afternoon,
A client of mine has several dozen blackberry devices (all model#  
7310e).  I'm looking for ways to exploit any vulnerbilities on  
services/features.  Obviously bluetooth comes to mind along with  
the Blackberry IM service, but are there any others?  And how  
concerned should I be? The client has a blackberry server on the  
trusted network to forward all emails.

Thanks for your help.
Nicholas Fanelli

----------------------------------------------------------------------



--------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications  
on your
website. Up to 75% of cyber attacks are launched on shopping carts,  
forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down  
servers are
futile against web application hacking. Check your website for  
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before  
hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------



---------



Blog: http://xyberpix.blogspot.com



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFDvZG8cRMkOnlkwMERAlaEAJ4mFf6WGphyqfT3O0fTA0cWcTtLuQCeJlXA
ZZ6G+kjgjLw8scmyXK06HUQ=
=kTj6
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on
your 
website. Up to 75% of cyber attacks are launched on shopping carts,
forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are 
futile against web application hacking. Check your website for
vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before
hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
------------------------------------------------------------------------
-------


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: