It Seems Nothing Is Invulnerable To Buffer Overflow Issues


Ed Hansberry
10-20-2004, 10:00 PM
http://www.internetnews.com/security/article.php/3422381

"Insufficient data validation for incoming calendar data makes possible to cause buffer overflow condition leading to stack corruption. As a result, it is possible to reboot the device (all stored messages will be lost since RAM storage will be reinitialized). It is also possible to execute code embedded by the attacker. It should be mentioned that Blackberry developers tools are freely available. The issue can easily be reproduced by sending a standard Microsoft Outlook meeting request message with very long string (over 128K) in the "Location:" field. To force immediate user notification, set meeting date/time to the past. The Blackberry reboots when it tries to notify the user. No user action is required. It is possible to render Blackberry device completely useless by queuing a number of such messages into user's mailbox."

I just thought this was interesting given how many people complain about buffer overflow issues and other bugs on Microsoft platforms. The truth is, everyone has them. Doesn't excuse their existence, but even something as appliance-like as a Blackberry can be taken out by a bug. RIM has fixed this issue in the latest version of their software.
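
Added example, not part of the original post and not RIM's fix: a gateway-side screen for the missing validation the advisory describes, flagging calendar properties whose value exceeds a size cap before the message reaches a handheld. It unfolds iCalendar continuation lines first, because a folded value passes any per-line length check. MAX_VALUE_LEN, the function names and the sample data are assumptions made for this sketch.

```python
# Screen iCalendar text for oversized property values (for example LOCATION).
MAX_VALUE_LEN = 1024  # assumed cap; the advisory cites over 128K in "Location:"

def unfold(ics_text):
    """Undo iCalendar line folding: a line that starts with a space or tab
    continues the previous line."""
    lines = []
    for raw in ics_text.replace("\r\n", "\n").split("\n"):
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    return lines

def split_content_line(line):
    """Split 'NAME;PARAM=x:value' at the first colon outside a quoted parameter."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ":" and not in_quotes:
            return line[:i].split(";", 1)[0].upper(), line[i + 1:]
    return None, line  # malformed line: no name/value delimiter

def oversized_properties(ics_text, limit=MAX_VALUE_LEN):
    """Return [(property_name, value_bytes)] for each value longer than limit."""
    findings = []
    for line in unfold(ics_text):
        name, value = split_content_line(line)
        size = len(value.encode("utf-8"))
        if size > limit:
            findings.append((name or "MALFORMED", size))
    return findings

# Constructed samples, not captured traffic.
BENIGN = ("BEGIN:VEVENT\r\nSUMMARY:Status\r\n"
          "LOCATION;LANGUAGE=en:Room 4\r\n , second floor\r\nEND:VEVENT\r\n")
# 40 folded physical lines of about 70 characters each: short on the wire,
# 2800 bytes once unfolded.
FOLDED_LONG = ("BEGIN:VEVENT\r\nLOCATION:"
               + "\r\n ".join(["A" * 70] * 40) + "\r\nEND:VEVENT\r\n")

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("folded-long", FOLDED_LONG)):
        print(label, oversized_properties(sample))
```

A message with any finding can be quarantined or have the offending value truncated at the gateway; the device-side fix remains the vendor's software update mentioned in the post.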

sponge
10-20-2004, 11:31 PM
People don't complain about the presence of buffer overflows as much as they do MS not fixing them. This is the first I've even heard of this exploit, and there's already a fix out!