Details of VAR-200706-0515

ID

VAR-200706-0515

CVE

CVE-2007-3444

TITLE

Research in Motion BlackBerry 7270 Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2007-005769

DESCRIPTION

The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83 allows remote attackers to cause a denial of service (blocked call reception) via a malformed SIP invite message, possibly related to multiple format string specifiers in the From field, a spoofed source IP address, and limitations of the function stack frame. BlackBerry 7270 phone is prone to a remote format-string vulnerability. An attacker can exploit this issue to cause certain features of the phone to become unusable until the phone has been reset. BlackBerry 7270 with BlackBerry Device Software 4.0.1.83 and earlier versions are vulnerable. NOTE: When exploited, the device may generate the following error message: "Uncaught exception: java.lang.IllegalArgumentException"

Trust: 1.89

sources: NVD: CVE-2007-3444 // JVNDB: JVNDB-2007-005769 // BID: 24548

AFFECTED PRODUCTS

vendor:	rim	model:	blackberry software	scope:	eq	version:	4.0	Trust: 1.6
vendor:	rim	model:	blackberry 7270	scope:	eq	version:	*	Trust: 1.0
vendor:	blackberry	model:	7270	scope:	eq	version:	4.0 sp1 bundle 83	Trust: 0.8
vendor:	rim	model:	blackberry 7270	scope:	-	version:	-	Trust: 0.6
vendor:	rim	model:	blackberry device software	scope:	eq	version:	4.0.1.83	Trust: 0.3
vendor:	rim	model:	blackberry	scope:	eq	version:	72700	Trust: 0.3
vendor:	rim	model:	blackberry device software	scope:	ne	version:	4.0.1.108	Trust: 0.3

sources: BID: 24548 // JVNDB: JVNDB-2007-005769 // CNNVD: CNNVD-200706-438 // NVD: CVE-2007-3444

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-3444
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-3444
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200706-438
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2007-3444
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2007-005769 // CNNVD: CNNVD-200706-438 // NVD: CVE-2007-3444

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2007-3444

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200706-438

TYPE

format string

Trust: 0.6

sources: CNNVD: CNNVD-200706-438

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-005769

PATCH

title:

Top Page

url:

http://jp.blackberry.com/?DID=blackberry.co.jp

Trust: 0.8

sources: JVNDB: JVNDB-2007-005769

EXTERNAL IDS

db:	NVD	id:	CVE-2007-3444	Trust: 2.7
db:	OSVDB	id:	37648	Trust: 1.6
db:	SECUNIA	id:	25824	Trust: 1.6
db:	BID	id:	24548	Trust: 1.3
db:	CERT/CC	id:	VU#785257	Trust: 1.0
db:	JVNDB	id:	JVNDB-2007-005769	Trust: 0.8
db:	CNNVD	id:	CNNVD-200706-438	Trust: 0.6

sources: BID: 24548 // JVNDB: JVNDB-2007-005769 // CNNVD: CNNVD-200706-438 // NVD: CVE-2007-3444

REFERENCES

url:	http://www.blackberry.com/btsc/articles/225/kb12700_f.sal_public.html	Trust: 1.6
url:	http://osvdb.org/37648	Trust: 1.6
url:	http://secunia.com/advisories/25824	Trust: 1.6
url:	http://www.sipera.com/index.php?action=resources%2cthreat_advisory&tid=211&	Trust: 1.0
url:	http://www.kb.cert.org/vuls/id/785257	Trust: 1.0
url:	http://www.securityfocus.com/bid/24548	Trust: 1.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/35074	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3444	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3444	Trust: 0.8
url:	http://www.sipera.com/index.php?action=resources,threat_advisory&tid=211&	Trust: 0.6
url:	http://www.blackberry.com	Trust: 0.3
url:	http://www.sipera.com/index.php?action=resources,threat_advisory&tid=208&	Trust: 0.3
url:	http://www.blackberry.com/btsc/search.do?cmd=displaykc&doctype=kc&externalid=kb12700	Trust: 0.3

sources: BID: 24548 // JVNDB: JVNDB-2007-005769 // CNNVD: CNNVD-200706-438 // NVD: CVE-2007-3444

CREDITS

Sipera VIPER Lab※ viper@sipera.com

Trust: 0.6

sources: CNNVD: CNNVD-200706-438

SOURCES

db:	BID	id:	24548
db:	JVNDB	id:	JVNDB-2007-005769
db:	CNNVD	id:	CNNVD-200706-438
db:	NVD	id:	CVE-2007-3444

LAST UPDATE DATE

2025-04-10T23:07:27.126000+00:00

SOURCES UPDATE DATE

db:	BID	id:	24548	date:	2015-05-07T17:37:00
db:	JVNDB	id:	JVNDB-2007-005769	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200706-438	date:	2007-06-29T00:00:00
db:	NVD	id:	CVE-2007-3444	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	BID	id:	24548	date:	2007-03-26T00:00:00
db:	JVNDB	id:	JVNDB-2007-005769	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200706-438	date:	2007-06-26T00:00:00
db:	NVD	id:	CVE-2007-3444	date:	2007-06-27T00:30:00