CONTACT SALES
Internet Telephony Product of the Year

Blackberry™ 7270 SIP stack is vulnerable to malformed header value

Advisory Number: VIPER-2007-024
Release Date: 2007.03.26
Source: Sipera VIPER Lab
Systems Affected: Blackberry 7270- Wireless Handheld (OS v4.0.1.83, Platform 1.0.0.69)
Category: Mobile Device Denial of Service
Severity: High

Overview

Blackberry 7270 SIP stack is vulnerable to malformed SIP INVITE message which disables the phone from being able to process further SIP messages sent to it.

Impact

When malformed message is sent to Blackberry 7270, users may not be able to receive any further calls on the vulnerable phone. Phone does not ring for such malformed INVITE request making user unaware of the fact that the phone is unable to receive any calls. The problem persists even after the phone re-registers with the Registrar. The phone must be rebooted to recover from this state.

Description

BlackBerry 7270 Wireless Handheld™ provides SIP-based IP telephony for facility-based employees. It operates on 802.11b Wireless Local Area Networks (WLANs) to provide Voice over WLAN (VoWLAN) functionality.

Blackberry 7270 is vulnerable to malformed header value in INVITE request where. Phone processes such request, may ring, and then does not receive any further calls. It neither responds to further legitimate INVITE requests nor does it present calls to the user in terms of ringing or display. Re-registering at scheduled time does not help.

The only way to recover from this state is to reboot the phone.

Solution

Phone SIP stack implementation should be patched to prevent exploiting such vulnerability.

Vendor Response:

RIM: A vulnerability exists in the Session Initiation Protocol (SIP) implementation on WLAN BlackBerry 7270 smartphones with BlackBerry Device Software Version 4.0.1.83 and earlier that if exploited by an attacker can result in a Denial of Service in the phone application, but does not affect the other capabilities of the smartphone. This does not affect any other BlackBerry models. To exploit this vulnerability, a user with malicious intent requires access to a private branch exchange (PBX) from within the enterprise network. Research In Motion is working to provide a patch for this issue in a timely manner. For more information please see http://www.blackberry.com/security/news.jsp

For more information on any of these threat advisories, please email Sipera VIPER Lab at viper@sipera.com

Unified Communications Unleashed
Sipera Systems is the worldwide market leader in solutions for the rapid and simple adoption of Unified Communications (UC). Thousands of users around the globe rely on Sipera to secure VoIP, IP video, collaboration, messaging and dozens of other high-performance applications. Sipera’s groundbreaking “Borderless UC” enables controlled communications to any device in any location.

Years of UC Security experience is contained in Sipera unified communications (UC-Sec) products. These appliances benefit from the research conducted by Sipera VIPER Lab to provide comprehensive threat protection, policy enforcement, access control, and privacy in a single, real-time appliance.

© Copyright 2006-2010 Sipera Systems, Inc. All rights reserved. Sipera, Sipera UC-Sec and related products, Sipera LAVA and Sipera VIPER and related services are trademarks of Sipera Systems, Inc.