Blackberry™ 7270 SIP stack is vulnerable to malformed header value
Overview

The Blackberry 7270 SIP stack is vulnerable to a malformed SIP INVITE message, which leaves the phone unable to process further SIP messages sent to it.

Impact

When a malformed message is sent to the Blackberry 7270, users may not be able to receive any further calls on the vulnerable phone. The phone does not ring for such a malformed INVITE request, leaving the user unaware that the phone is unable to receive any calls. The problem persists even after the phone re-registers with the Registrar. The phone must be rebooted to recover from this state.

Description

BlackBerry 7270 Wireless Handheld™ provides SIP-based IP telephony for facility-based employees. It operates on 802.11b Wireless Local Area Networks (WLANs) to provide Voice over WLAN (VoWLAN) functionality. Blackberry 7270 is vulnerable to malformed header value in INVITE request where. The phone processes such a request, may ring, and then does not receive any further calls. It neither responds to further legitimate INVITE requests nor presents calls to the user by ringing or on the display. Re-registering at the scheduled time does not help. The only way to recover from this state is to reboot the phone.

Solution

The phone's SIP stack implementation should be patched to prevent exploitation of this vulnerability.

Vendor Response:

RIM: A vulnerability exists in the Session Initiation Protocol (SIP) implementation on WLAN BlackBerry 7270 smartphones with BlackBerry Device Software Version 4.0.1.83 and earlier that, if exploited by an attacker, can result in a Denial of Service in the phone application, but does not affect the other capabilities of the smartphone. This does not affect any other BlackBerry models. To exploit this vulnerability, a user with malicious intent requires access to a private branch exchange (PBX) from within the enterprise network. Research In Motion is working to provide a patch for this issue in a timely manner. For more information please see http://www.blackberry.com/security/news.jsp

For more information on any of these threat advisories, please email Sipera VIPER Lab at viper@sipera.com