ID

VAR-201012-0197


CVE

CVE-2010-2603


TITLE

BlackBerry Desktop Software Vulnerable to decrypting encrypted files

Trust: 0.8

sources: JVNDB: JVNDB-2010-002777

DESCRIPTION

RIM BlackBerry Desktop Software 4.7 through 6.0 for PC, and 1.0 for Mac, uses a weak password to encrypt a database backup file, which makes it easier for local users to decrypt the file via a brute force attack. BlackBerry Desktop Software is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

The issue affects the following:
BlackBerry Desktop Software 4.7 (PC OS)
BlackBerry Desktop Software 5.0 (PC OS)
BlackBerry Desktop Software 6.0 (PC OS)
BlackBerry Desktop Software 1.0 (Mac OS)

TITLE: BlackBerry Desktop Software Backup File Brute Force Weakness
SECUNIA ADVISORY ID: SA42657
VERIFY ADVISORY: http://secunia.com/advisories/42657/
RELEASE DATE: 2010-12-25
DESCRIPTION: A weakness has been reported in BlackBerry Desktop Software, which can be exploited by malicious people to conduct brute force attacks. The weakness is reported in version 6.0.
SOLUTION: Update to version 6.0.1.
PROVIDED AND/OR DISCOVERED BY: The vendor credits ElcomSoft.
ORIGINAL ADVISORY: http://www.blackberry.com/btsc/KB24764

Trust: 2.16

sources: NVD: CVE-2010-2603 // JVNDB: JVNDB-2010-002777 // BID: 45434 // VULHUB: VHN-45208 // PACKETSTORM: 96988 // PACKETSTORM: 96987

AFFECTED PRODUCTS

vendor: rim, model: blackberry desktop software, scope: eq, version: 1.0

Trust: 1.9

vendor: rim, model: blackberry desktop software, scope: eq, version: 5.0.1

Trust: 1.6

vendor: rim, model: blackberry desktop software, scope: eq, version: 5.0

Trust: 1.6

vendor: rim, model: blackberry desktop software, scope: eq, version: 4.7

Trust: 1.6

vendor: rim, model: blackberry desktop software, scope: eq, version: 6.0

Trust: 1.6

vendor: blackberry, model: desktop software, scope: eq, version: 1.0 (mac os)

Trust: 0.8

vendor: blackberry, model: desktop software, scope: eq, version: 4.7 (pc os)

Trust: 0.8

vendor: blackberry, model: desktop software, scope: eq, version: 5.0 (pc os)

Trust: 0.8

vendor: blackberry, model: desktop software, scope: eq, version: 6.0 (pc os)

Trust: 0.8

vendor: rim, model: blackberry desktop software, scope: ne, version: 2.0

Trust: 0.3

sources: BID: 45434 // JVNDB: JVNDB-2010-002777 // CNNVD: CNNVD-201012-245 // NVD: CVE-2010-2603

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-2603
value: LOW

Trust: 1.0

NVD: CVE-2010-2603
value: LOW

Trust: 0.8

CNNVD: CNNVD-201012-245
value: LOW

Trust: 0.6

VULHUB: VHN-45208
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2010-2603
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-45208
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-45208 // JVNDB: JVNDB-2010-002777 // CNNVD: CNNVD-201012-245 // NVD: CVE-2010-2603

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.1

problemtype:CWE-119

Trust: 0.8

sources: VULHUB: VHN-45208 // JVNDB: JVNDB-2010-002777 // NVD: CVE-2010-2603

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201012-245

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201012-245

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002777

PATCH

title: KB24764
url: http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24764

Trust: 0.8

sources: JVNDB: JVNDB-2010-002777

EXTERNAL IDS

db: NVD, id: CVE-2010-2603

Trust: 2.8

db: BID, id: 45434

Trust: 2.8

db: SECUNIA, id: 42657

Trust: 2.6

db: SECUNIA, id: 42661

Trust: 2.6

db: SECTRACK, id: 1024908

Trust: 1.9

db: JVNDB, id: JVNDB-2010-002777

Trust: 0.8

db: CNNVD, id: CNNVD-201012-245

Trust: 0.7

db: VULHUB, id: VHN-45208

Trust: 0.1

db: PACKETSTORM, id: 96988

Trust: 0.1

db: PACKETSTORM, id: 96987

Trust: 0.1

sources: VULHUB: VHN-45208 // BID: 45434 // JVNDB: JVNDB-2010-002777 // PACKETSTORM: 96988 // PACKETSTORM: 96987 // CNNVD: CNNVD-201012-245 // NVD: CVE-2010-2603

REFERENCES

url:http://www.securityfocus.com/bid/45434

Trust: 2.5

url:http://secunia.com/advisories/42657

Trust: 2.5

url:http://secunia.com/advisories/42661

Trust: 2.5

url:http://www.securitytracker.com/id?1024908

Trust: 1.9

url:http://www.blackberry.com/btsc/search.do?cmd=displaykc&doctype=kc&externalid=kb24764

Trust: 1.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2603

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2603

Trust: 0.8

url:http://www.rim.net/

Trust: 0.3

url:http://secunia.com/products/corporate/evm/

Trust: 0.2

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.2

url:http://secunia.com/products/corporate/vim/

Trust: 0.2

url:http://www.blackberry.com/btsc/kb24764

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.2

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.2

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.2

url:http://www.blackberry.com/btsc/search.do?cmd=displaykc&doctype=kc&externalid=kb24764

Trust: 0.1

url:http://secunia.com/advisories/42661/#comments

Trust: 0.1

url:http://secunia.com/advisories/42661/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=42661

Trust: 0.1

url:http://secunia.com/advisories/42657/

Trust: 0.1

url:http://secunia.com/advisories/42657/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=42657

Trust: 0.1

sources: VULHUB: VHN-45208 // BID: 45434 // JVNDB: JVNDB-2010-002777 // PACKETSTORM: 96988 // PACKETSTORM: 96987 // CNNVD: CNNVD-201012-245 // NVD: CVE-2010-2603

CREDITS

ElcomSoft Co. Ltd.

Trust: 0.3

sources: BID: 45434

SOURCES

db: VULHUB, id: VHN-45208
db: BID, id: 45434
db: JVNDB, id: JVNDB-2010-002777
db: PACKETSTORM, id: 96988
db: PACKETSTORM, id: 96987
db: CNNVD, id: CNNVD-201012-245
db: NVD, id: CVE-2010-2603

LAST UPDATE DATE

2025-04-11T22:56:30.153000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-45208, date: 2011-01-12T00:00:00
db: BID, id: 45434, date: 2010-12-15T00:00:00
db: JVNDB, id: JVNDB-2010-002777, date: 2011-03-30T00:00:00
db: CNNVD, id: CNNVD-201012-245, date: 2010-12-21T00:00:00
db: NVD, id: CVE-2010-2603, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB, id: VHN-45208, date: 2010-12-17T00:00:00
db: BID, id: 45434, date: 2010-12-15T00:00:00
db: JVNDB, id: JVNDB-2010-002777, date: 2011-03-30T00:00:00
db: PACKETSTORM, id: 96988, date: 2010-12-25T08:44:11
db: PACKETSTORM, id: 96987, date: 2010-12-25T08:44:09
db: CNNVD, id: CNNVD-201012-245, date: 2010-12-21T00:00:00
db: NVD, id: CVE-2010-2603, date: 2010-12-17T19:00:19.933