-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Anyone have Geoff's gmail address?
- -JP<getting malicious> On Fri, 19 Oct 2007 04:39:44 -0400 Kristian Erik Hermansen <[EMAIL PROTECTED]> wrote: >I have tested and confirmed this bug on a BlackBerry 8700c in a >repeatable fashion. Three outcomes are common (so may be race >condition)... > >1) Entire BlackBerry OS freeze. (On soft-reboot, you will see the >uncaught Java exception for Gmail app) >2) Gmail freezes for some time, and then OS can recover (Gmail not >responding, and killed) >3) Or no DoS at all (if you are lucky) > >Here is the message you will get... >"Uncaught exception: Application gm_8700_v4_0_L1(147) is not >responding; process terminated" > >The way I have commonly invoked this is to send an email of at >least >20k in size to Exchange-synced email address on the same device. >If >the user has Gmail account open, it is more likely to go into DoS >condition if you are composing an email or replying to a large >thread. > Maybe this is due to Gmail trying to auto-save the draft at the >same >time and hanging? Also, how is the hacker community debugging >BlackBerry apps for security issues? ie, can I remotely debug the >processes via USB on the 8700c? > >Thanks in advance... > >PS -- Oh, I just thought that since we are talking about >BlackBerry, I >should mention another funny bug, but not a security issue. It >has to >do with multi-byte character manipulation... > >Tested on 8700c v4.2.1.96 (Platform 2.3.0.79). Follow these steps >to >reproduce the Arabic array index out of bounds exception when >making a >phone call... > >Home -> Settings -> Options -> Language -> Change Option -> Arabic >(funky chars, top item in list) -> Save >Home -> [do this next part quickly] tap 9, tap 0 quickly twice, >while >char is still highlighted tap DEL. >"Uncaught exception: java.lang.StringIndexOutOfBoundsException" >-- >Kristian Erik Hermansen > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Charset: UTF8 Version: Hush 2.5 wpwEAQECAAYFAkcYrkkACgkQqTTbVuUWvbIQcAP/RA3MyK7nmughIBj58/HYDkUl8WKZ hJ2V3g1FoB+34FY3J+TK6HcUl1Fk22wACOfSMVA2bkyk0CW3CFVNIvKfhtyhu74TWacO gU+rvSU8tLdOH0II4tR5Ob84wEh6ADQ3lUZFQxrj4SUdz/Vv5q6PUF5M7xpuaJN+j3sh AQnOlmk= =sQ5c -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
