BlackBerry < 10.2.0.1055 qconnDoor Buffer Overflow

High Nessus Plugin ID 73439

Synopsis

The version of BlackBerry 10 OS is affected by a buffer overflow
vulnerability.

Description

The mobile device uses a version of BlackBerry 10 OS that is older
than version 10.2.0.1055. It is, therefore, affected by a buffer
overflow error related to the 'qconnDoor' service. The vulnerability
could allow denial of service attacks and possibly arbitrary code
execution.

Note that this plugin has relied solely on the version of the
installed OS and has not attempted to verify the status of the
'qconnDoor' service.

Solution

Upgrade to BlackBerry 10.2.0.1055 or later.

Alternatively, refer to the vendor's advisory for mitigation steps
involving development mode, Wi-Fi and safely using USB functionality.

See Also

https://www.modzero.ch/advisories/MZ-13-05-Blackberry_Z10-qconnDoor.txt

https://seclists.org/bugtraq/2014/Apr/35

https://salesforce.services.blackberry.com/kbredirect/KB35816

Plugin Details

Severity: High

ID: 73439

File Name: blackberry_10_2_0_1055.nbin

Version: 1.46

Type: local

Published: 2014/04/09

Modified: 2019/01/14

Dependencies: 60033

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/o:blackberry:blackberry_os

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/04/08

Vulnerability Publication Date: 2014/04/08

Reference Information

CVE: CVE-2014-1468, CVE-2014-2389

BID: 66702, 66713