lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 19 Oct 2007 04:39:44 -0400
From: "Kristian Erik Hermansen" <kristian.hermansen@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Gmail 1.1.0 for BlackBerry remote DoS

I have tested and confirmed this bug on a BlackBerry 8700c in a
repeatable fashion.  Three outcomes are common (so may be race
condition)...

1) Entire BlackBerry OS freeze. (On soft-reboot, you will see the
uncaught Java exception for Gmail app)
2) Gmail freezes for some time, and then OS can recover (Gmail not
responding, and killed)
3) Or no DoS at all (if you are lucky)

Here is the message you will get...
"Uncaught exception: Application gm_8700_v4_0_L1(147) is not
responding; process terminated"

The way I have commonly invoked this is to send an email of at least
20k in size to Exchange-synced email address on the same device.  If
the user has Gmail account open, it is more likely to go into DoS
condition if you are composing an email or replying to a large thread.
 Maybe this is due to Gmail trying to auto-save the draft at the same
time and hanging?  Also, how is the hacker community debugging
BlackBerry apps for security issues?  ie, can I remotely debug the
processes via USB on the 8700c?

Thanks in advance...

PS -- Oh, I just thought that since we are talking about BlackBerry, I
should mention another funny bug, but not a security issue.  It has to
do with multi-byte character manipulation...

Tested on 8700c v4.2.1.96 (Platform 2.3.0.79).  Follow these steps to
reproduce the Arabic array index out of bounds exception when making a
phone call...

Home -> Settings -> Options -> Language -> Change Option -> Arabic
(funky chars, top item in list) -> Save
Home -> [do this next part quickly] tap 9, tap 0 quickly twice, while
char is still highlighted tap DEL.
"Uncaught exception: java.lang.StringIndexOutOfBoundsException"
-- 
Kristian Erik Hermansen

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ