CVE-2005-2343
CVSS 2.6
Published: 2005-12-31 00:00:00
Revised: 2011-03-07 21:24:08

[Original] Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerry Handheld before 4.0.2 allows remote attackers to cause a denial of service (hang) via a Java Application Description (JAD) file with a long application name and vendor string, which prevents a browser dialog from being properly dismissed.


[CNNVD] BlackBerry Handheld JAD File Browser Denial of Service (CNNVD-200512-825)

        The Research in Motion (RIM) BlackBerry Handheld web browser, in BlackBerry Handheld versions before 4.0.2, allows remote attackers to cause a denial of service (hang) via a Java Application Description (JAD) file with a long application name and vendor string; the browser dialog cannot be properly dismissed and the browser hangs.

- CVSS (base score)

CVSS score: 2.6 [LOW]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: HIGH [exploitation requires specific access conditions]
Attack vector: [--]
Authentication: NONE [no authentication required to exploit]

- CPE (affected platforms and products)

cpe:/a:rim:blackberry:7105t
cpe:/a:rim:blackberry_device_software:4.0
cpe:/a:rim:blackberry:7280
cpe:/a:rim:blackberry:7100r
cpe:/a:rim:blackberry:7100t
cpe:/a:rim:blackberry:7520
cpe:/a:rim:blackberry:7230_4.0
cpe:/a:rim:blackberry:8700r
cpe:/a:rim:blackberry:7100v
cpe:/a:rim:blackberry:7290
cpe:/a:rim:blackberry:7100i
cpe:/a:rim:blackberry:8700f
cpe:/a:rim:blackberry:7250
cpe:/a:rim:blackberry:7130e
cpe:/a:rim:blackberry_desktop_manager:4.0
cpe:/a:rim:blackberry:7750
cpe:/a:rim:blackberry:7230_3.7.1_.41
cpe:/a:rim:blackberry:7100g
cpe:/a:rim:blackberry:7230_3.8
cpe:/a:rim:blackberry:8700c
cpe:/a:rim:blackberry:7780
cpe:/a:rim:blackberry:7730
cpe:/a:rim:blackberry:7100x

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2343
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2343
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-825
(official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/829400
(VENDOR_ADVISORY)  CERT-VN  VU#829400
http://www.vupen.com/english/advisories/2006/0011
(UNKNOWN)  VUPEN  ADV-2006-0011
http://www.securityfocus.com/bid/16099
(UNKNOWN)  BID  16099
http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/7925/8142/?nodeid=1167791
(UNKNOWN)  CONFIRM  http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/7925/8142/?nodeid=1167791
http://securitytracker.com/id?1015428
(UNKNOWN)  SECTRACK  1015428

- Vulnerability information

BlackBerry Handheld JAD File Browser Denial of Service
Low severity  Other
2005-12-31 00:00:00 2006-01-10 00:00:00
Remote  
        The Research in Motion (RIM) BlackBerry Handheld web browser, in BlackBerry Handheld versions before 4.0.2, allows remote attackers to cause a denial of service (hang) via a Java Application Description (JAD) file with a long application name and vendor string; the browser dialog cannot be properly dismissed and the browser hangs.

- Advisories and patches


- Vulnerability information

22180
BlackBerry Handheld Browser Crafted JAD DoS
Denial of Service
Loss of Availability
Vendor Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-12-30 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Credit

Unknown or Incomplete

- Vulnerability information

Blackberry Handheld JAD File Browser Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 16099
Yes No
2005-12-30 12:00:00 2005-12-30 12:00:00
Discovery is credited to FX of Phenoelit.

- Affected program versions

Research In Motion Blackberry Device Software 4.0
Research In Motion Blackberry Desktop Manager
Research In Motion Blackberry 8700r
Research In Motion Blackberry 8700f
Research In Motion Blackberry 8700c
Research In Motion Blackberry 7780
Research In Motion Blackberry 7750
Research In Motion Blackberry 7730
Research In Motion Blackberry 7520
Research In Motion Blackberry 7290
Research In Motion Blackberry 7280
Research In Motion Blackberry 7250
Research In Motion Blackberry 7230 4.0
Research In Motion Blackberry 7230 3.8
Research In Motion Blackberry 7230 3.7.1 .41
Research In Motion Blackberry 7130e
Research In Motion Blackberry 7105t
Research In Motion Blackberry 7100x
Research In Motion Blackberry 7100v
Research In Motion Blackberry 7100t
Research In Motion Blackberry 7100r
Research In Motion Blackberry 7100i
Research In Motion Blackberry 7100g

- Unaffected program versions

Research In Motion Blackberry Device Software 4.0.2

- Vulnerability discussion

BlackBerry Handheld devices are prone to a denial of service attack. When the embedded Web browser handles a malformed JAD (Java Application Descriptor) file, a dialog box is not properly dismissed and the browser stops responding.
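Because the trigger is nothing more than an overlong MIDlet-Name and MIDlet-Vendor pair in an otherwise ordinary descriptor, a download proxy or mail/MDM gateway that sees JAD files before the handheld does can screen for it. The following is an added example written for this page; it is not code from RIM, CNNVD or the BID entry. The 64-character threshold and the two sample descriptors are assumptions for illustration, not values taken from the advisory.

```python
# Added example (not from the advisory): parse a JAD descriptor and flag the
# oversize MIDlet-Name / MIDlet-Vendor condition described for CVE-2005-2343.

MAX_ATTR_LEN = 64          # assumed policy threshold, not a number from the advisory
REQUIRED_ATTRS = (         # mandatory JAD attributes per the MIDP specification
    "MIDlet-Name",
    "MIDlet-Version",
    "MIDlet-Vendor",
    "MIDlet-Jar-URL",
    "MIDlet-Jar-Size",
)
LENGTH_CHECKED = ("MIDlet-Name", "MIDlet-Vendor")   # the fields the DoS abuses


def parse_jad(text: str) -> dict:
    """Parse 'Attribute: value' lines into a dict.

    Malformed lines and duplicate attributes raise ValueError rather than
    being silently dropped, so a screening gateway fails closed.
    """
    attrs = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if ":" not in line:
            raise ValueError(f"line {lineno}: not an 'Attribute: value' pair")
        key, value = line.split(":", 1)          # only the first colon separates
        key, value = key.strip(), value.strip()  # URLs in values keep their colons
        if not key:
            raise ValueError(f"line {lineno}: empty attribute name")
        if key in attrs:
            raise ValueError(f"line {lineno}: duplicate attribute {key!r}")
        attrs[key] = value
    return attrs


def check_jad(text: str, max_len: int = MAX_ATTR_LEN) -> list:
    """Return a list of findings; an empty list means the descriptor passes."""
    try:
        attrs = parse_jad(text)
    except ValueError as exc:
        return [f"malformed JAD: {exc}"]
    findings = []
    for name in REQUIRED_ATTRS:
        if name not in attrs:
            findings.append(f"missing required attribute {name}")
    for name in LENGTH_CHECKED:
        value = attrs.get(name, "")
        if len(value) > max_len:
            findings.append(f"{name} is {len(value)} chars (limit {max_len}): oversize string")
        if any(ord(c) < 0x20 for c in value):
            findings.append(f"{name} contains control characters")
    size = attrs.get("MIDlet-Jar-Size", "")
    if size and not size.isdigit():
        findings.append(f"MIDlet-Jar-Size {size!r} is not a non-negative integer")
    return findings


# Constructed sample descriptors (not taken from any real application or advisory).
BENIGN_JAD = """\
MIDlet-Name: Notes
MIDlet-Version: 1.0
MIDlet-Vendor: Example Corp
MIDlet-Jar-URL: http://example.invalid/notes.jar
MIDlet-Jar-Size: 20480
MIDlet-1: Notes, /icon.png, com.example.Notes
MicroEdition-Profile: MIDP-2.0
MicroEdition-Configuration: CLDC-1.1
"""

# Same descriptor with the two strings the handheld browser choked on blown up.
OVERSIZE_JAD = (
    BENIGN_JAD
    .replace("MIDlet-Name: Notes", "MIDlet-Name: " + "A" * 5000)
    .replace("MIDlet-Vendor: Example Corp", "MIDlet-Vendor: " + "B" * 5000)
)


if __name__ == "__main__":
    for label, jad in (("benign", BENIGN_JAD), ("oversize", OVERSIZE_JAD)):
        print(label, check_jad(jad) or "OK")
```

The parser deliberately splits on the first colon only, so `MIDlet-Jar-URL` values keep their scheme intact, and it rejects duplicate attributes instead of letting a second `MIDlet-Name` override the first, which is the kind of ambiguity a gateway filter and the device could otherwise resolve differently.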

- Exploit

There is no exploit required.

- Solution

The vendor has addressed this issue in version 4.0.2 of the Blackberry Device Software. Affected users are encouraged to contact their service providers to obtain updated software.

- Related references

