CVE-2009-3477

Name of the Vulnerable Software and Affected Versions RIM BlackBerry Device Software versions 4.5.0 through 4.5.0.172 RIM BlackBerry Device Software versions 4.6.0 through 4.6.0.302 RIM BlackBerry Device Software versions 4.6.1 through 4.6.1.308 RIM BlackBerry Device Software versions 4.7.0 through 4.7.0.178 RIM BlackBerry Device Software versions 4.7.1 through 4.7.1.56

Description The Blackberry Browser does not properly handle "hidden" characters, including a '0' character, in a domain name in the subject's Common Name (CN) field of an X.509 certificate. This allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Recommendations For RIM BlackBerry Device Software version 4.5.0, update to version 4.5.0.173 or later. For RIM BlackBerry Device Software version 4.6.0, update to version 4.6.0.303 or later. For RIM BlackBerry Device Software version 4.6.1, update to version 4.6.1.309 or later. For RIM BlackBerry Device Software version 4.7.0, update to version 4.7.0.179 or later. For RIM BlackBerry Device Software version 4.7.1, update to version 4.7.1.57 or later.