Posted by BESadmin (Administrator), 15-07-2007, 05:36 PM
SIP INVITE vulnerability in From field format string on the BlackBerry 7270

SIP INVITE vulnerability in From field format string on the BlackBerry 7270 smartphone

Doc ID : KB12700
Last Modified : 2007-07-06
Document Type : Security Advisory


Environment

Advisory Posted: 27 March 2007
  • BlackBerry® 7270 smartphone
  • BlackBerry® Device Software 4.0 Service Pack 1 Bundle 83 and earlier
  • SDR125232

Overview

Vulnerabilities exist in the Session Initiation Protocol (SIP) implemented on a BlackBerry 7270 smartphone running BlackBerry Device Software 4.0 Service Pack 1 Bundle 83 and earlier. If these vulnerabilities are exploited by a person with malicious intent, a denial of service may occur in the Phone application, but this will not affect the other capabilities of the BlackBerry 7270 smartphone. This does not affect any other BlackBerry device.

Note: Exploiting these vulnerabilities requires access to a private branch exchange (PBX) from within an enterprise network.

Impact

A denial of service may occur in the Phone application of the BlackBerry 7270 smartphone.

Problem

The BlackBerry 7270 smartphone user receives a malformed SIP INVITE message. When the BlackBerry smartphone user tries to make a call using the Phone application, the following problems occur:
  • An uncaught exception error message is displayed.
  • When the BlackBerry smartphone user tries to initiate a call, the following error message is displayed: Cannot connect. Call in progress
  • The BlackBerry smartphone cannot receive incoming calls. The BlackBerry smartphone does not ring or display any indication of incoming calls.

Note: The BlackBerry smartphone continues to respond to ping requests.

Cause

A malformed SIP INVITE message with a large number of format string parameters in the From field of the message and a source IP address spoofed as the IP address of the SIP INVITE message is sent to the BlackBerry 7270 smartphone. This is designed to overload the function stack frame. As a result, format string vulnerabilities may prevent the BlackBerry smartphone user from making a call using the Phone application on the BlackBerry 7270 smartphone.

Resolution

Upgrade to BlackBerry Device Software 4.0 Service Pack 1 Bundle 108 or later.

Workaround

Reset the Phone application by performing a hard reset of the BlackBerry smartphone. For instructions, see KB02141.

Additional Information

Discovery attribution: This vulnerability was discovered by Sipera VIPER Lab, which assisted Research In Motion (RIM) in identifying the cause of the issue.

Reference: This issue is being tracked by US-CERT as VU#785257.
CVSS score: This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 3.3 (Moderate).

CVSS is a vendor agnostic, industry open standard designed to convey the severity of vulnerabilities. CVSS scores may be used to determine the urgency for update deployment within an organization. CVSS scores range from 0.0 (no vulnerability) to 10.0 (critical). RIM uses CVSS for vulnerability assessments to present an immutable characterization of security issues. RIM assigns all relevant security issues a non-zero score.

For more information on SIP vulnerabilities, see KB12705 and KB12707.
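A defensive check for the condition described under Cause, as an added example that is not part of the original post or of RIM's advisory: it flags an INVITE whose From field carries many printf-style conversions, the kind of filter a SIP proxy or PBX in front of the handsets could apply. The function names, the threshold of 4 and both sample messages are assumptions constructed for illustration.

```python
import re

# printf-style conversion, skipping "%XX" hex pairs, which are ordinary URI
# escapes in SIP addresses (trade-off: a token such as "%da" is not counted).
FMT_SPEC = re.compile(
    r"%(?![0-9A-Fa-f]{2})[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l|L|z|j|t)?[diouxXeEfgGaAcspn]"
)
THRESHOLD = 4  # assumed cut-off for "a large number"; tune for your traffic


def from_header(message: str):
    """Return the From value of a SIP message, or None if absent."""
    head = message.replace("\r\n", "\n").split("\n\n", 1)[0]
    head = re.sub(r"\n[ \t]+", " ", head)  # unfold continuation lines
    for line in head.split("\n")[1:]:      # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in ("from", "f"):  # "f" = compact form
            return value.strip()
    return None


def is_suspicious_invite(message: str) -> bool:
    """True for an INVITE whose From field holds >= THRESHOLD conversions."""
    if not message.startswith("INVITE "):
        return False
    value = from_header(message)
    return value is not None and len(FMT_SPEC.findall(value)) >= THRESHOLD


# Constructed sample messages (not captured traffic).
BENIGN = (
    "INVITE sip:bob@example.invalid SIP/2.0\r\n"
    'From: "Alice" <sip:alice%40home@example.invalid>;tag=1928\r\n'
    "To: <sip:bob@example.invalid>\r\n\r\n"
)
MALFORMED = (
    "INVITE sip:bob@example.invalid SIP/2.0\r\n"
    'f: "%s%s%s%s%s%s%n" <sip:x@example.invalid>;tag=1\r\n'
    "To: <sip:bob@example.invalid>\r\n\r\n"
)

if __name__ == "__main__":
    for label, msg in (("benign", BENIGN), ("malformed", MALFORMED)):
        print(label, is_suspicious_invite(msg))
```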
All times are GMT +11.