BlackBerry < 10.2.0.1055 qconnDoor Buffer Overflow

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The version of BlackBerry 10 OS is affected by a buffer overflow
vulnerability.

Description :

The mobile device uses a version of BlackBerry 10 OS that is older
than version 10.2.0.1055. It is, therefore, affected by a buffer
overflow error related to the 'qconnDoor' service. The vulnerability
could allow denial of service attacks and possibly arbitrary code
execution.

Note that this plugin has relied solely on the version of the
installed OS and has not attempted to verify the status of the
'qconnDoor' service.

See also :

http://www.modzero.ch/advisories/MZ-13-05-Blackberry_Z10-qconnDoor.txt
http://seclists.org/bugtraq/2014/Apr/35
http://www.blackberry.com/btsc/KB35816

Solution :

Upgrade to BlackBerry 10.2.0.1055 or later.

Alternatively, refer to the vendor's advisory for mitigation steps
involving development mode, Wi-Fi and safely using USB functionality.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.3
(CVSS2#E:ND/RL:U/RC:ND)
Public Exploit Available : false

Family: Mobile Devices

Nessus Plugin ID: 73439 ()

Bugtraq ID: 66702
66713

CVE ID: CVE-2014-1468
CVE-2014-2389