BlackBerry 10.x < 10.2.0.1055 'qconnDoor' Buffer Overflow

critical Nessus Network Monitor Plugin ID 8217

Synopsis

The BlackBerry mobile device is vulnerable to a buffer overflow.

Description

Versions of BlackBerry 10.x earlier than 10.2.0.1055 are affected by a buffer overflow vulnerability in the 'qconnDoor' service. An attacker could leverage this for denial of service attacks and possibly arbitrary code execution. A successful attack requires having turned on developer mode once during the phone's runtime (and notably, can still be exploited even after the mode has been shut off).

Solution

Upgrade the BlackBerry to 10.2.0.1055, or later. Refer to the vendor's advisory for mitigation involving the development mode, Wi-Fi and safely using USB functionality.

See Also

http://www.modzero.ch/advisories/MZ-13-05-Blackberry_Z10-qconnDoor.txt

http://seclists.org/bugtraq/2014/Apr/35

http://www.blackberry.com/btsc/KB35816

Plugin Details

Severity: Critical

ID: 8217

Published: 4/30/2014

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:blackberry:blackberry_os

Patch Publication Date: 4/8/2014

Vulnerability Publication Date: 4/8/2014

Reference Information

CVE: CVE-2014-2389

BID: 66702