VAR-200706-0515
Vulnerability from variot - Updated: 2023-12-18 12:39The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83 allows remote attackers to cause a denial of service (blocked call reception) via a malformed SIP invite message, possibly related to multiple format string specifiers in the From field, a spoofed source IP address, and limitations of the function stack frame. BlackBerry 7270 phone is prone to a remote format-string vulnerability. An attacker can exploit this issue to cause certain features of the phone to become unusable until the phone has been reset. BlackBerry 7270 with BlackBerry Device Software 4.0.1.83 and earlier versions are vulnerable. NOTE: When exploited, the device may generate the following error message: "Uncaught exception: java.lang.IllegalArgumentException"
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200706-0515",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "blackberry software",
"scope": "eq",
"trust": 1.6,
"vendor": "rim",
"version": "4.0"
},
{
"model": "blackberry 7270",
"scope": "eq",
"trust": 1.0,
"vendor": "rim",
"version": "*"
},
{
"model": "7270",
"scope": "eq",
"trust": 0.8,
"vendor": "blackberry",
"version": "4.0 sp1 bundle 83"
},
{
"model": "blackberry 7270",
"scope": null,
"trust": 0.6,
"vendor": "rim",
"version": null
},
{
"model": "blackberry device software",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.0.1.83"
},
{
"model": "blackberry",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "72700"
},
{
"model": "blackberry device software",
"scope": "ne",
"trust": 0.3,
"vendor": "rim",
"version": "4.0.1.108"
}
],
"sources": [
{
"db": "BID",
"id": "24548"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005769"
},
{
"db": "NVD",
"id": "CVE-2007-3444"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-438"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rim:blackberry_7270:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rim:blackberry_software:4.0:sp1_bundle83:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3444"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sipera VIPER Lab\u203b viper@sipera.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200706-438"
}
],
"trust": 0.6
},
"cve": "CVE-2007-3444",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2007-3444",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-3444",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200706-438",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-005769"
},
{
"db": "NVD",
"id": "CVE-2007-3444"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-438"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83 allows remote attackers to cause a denial of service (blocked call reception) via a malformed SIP invite message, possibly related to multiple format string specifiers in the From field, a spoofed source IP address, and limitations of the function stack frame. BlackBerry 7270 phone is prone to a remote format-string vulnerability. \nAn attacker can exploit this issue to cause certain features of the phone to become unusable until the phone has been reset. \nBlackBerry 7270 with BlackBerry Device Software 4.0.1.83 and earlier versions are vulnerable. \nNOTE: When exploited, the device may generate the following error message:\n\"Uncaught exception: java.lang.IllegalArgumentException\"",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3444"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005769"
},
{
"db": "BID",
"id": "24548"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-3444",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "25824",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "37648",
"trust": 1.6
},
{
"db": "BID",
"id": "24548",
"trust": 1.3
},
{
"db": "CERT/CC",
"id": "VU#785257",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005769",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200706-438",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "24548"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005769"
},
{
"db": "NVD",
"id": "CVE-2007-3444"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-438"
}
]
},
"id": "VAR-200706-0515",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2023-12-18T12:39:46.394000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://jp.blackberry.com/?did=blackberry.co.jp"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-005769"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3444"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://osvdb.org/37648"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/25824"
},
{
"trust": 1.6,
"url": "http://www.blackberry.com/btsc/articles/225/kb12700_f.sal_public.html"
},
{
"trust": 1.0,
"url": "http://www.kb.cert.org/vuls/id/785257"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/24548"
},
{
"trust": 1.0,
"url": "http://www.sipera.com/index.php?action=resources%2cthreat_advisory\u0026tid=211\u0026"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35074"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3444"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3444"
},
{
"trust": 0.6,
"url": "http://www.sipera.com/index.php?action=resources,threat_advisory\u0026tid=211\u0026"
},
{
"trust": 0.3,
"url": "http://www.blackberry.com"
},
{
"trust": 0.3,
"url": "http://www.sipera.com/index.php?action=resources,threat_advisory\u0026tid=208\u0026"
},
{
"trust": 0.3,
"url": "http://www.blackberry.com/btsc/search.do?cmd=displaykc\u0026doctype=kc\u0026externalid=kb12700"
}
],
"sources": [
{
"db": "BID",
"id": "24548"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005769"
},
{
"db": "NVD",
"id": "CVE-2007-3444"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-438"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "24548"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005769"
},
{
"db": "NVD",
"id": "CVE-2007-3444"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-438"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-26T00:00:00",
"db": "BID",
"id": "24548"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-005769"
},
{
"date": "2007-06-27T00:30:00",
"db": "NVD",
"id": "CVE-2007-3444"
},
{
"date": "2007-06-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200706-438"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-05-07T17:37:00",
"db": "BID",
"id": "24548"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-005769"
},
{
"date": "2023-11-07T02:00:50.217000",
"db": "NVD",
"id": "CVE-2007-3444"
},
{
"date": "2007-06-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200706-438"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200706-438"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Research in Motion BlackBerry 7270 Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-005769"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "format string",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200706-438"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…